HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 289
Note on Port, Num b er, Caution, ip ssh port
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 289 highlights
Note on Port Num b er Configuring Secure Shell (SSH) Configuring the Switch for SSH Operation ProCurve recommends using the default TCP port number (22). However, you can use ip ssh port to specify any TCP port for SSH connections except those reserved for other purposes. Examples of reserved IP ports are 23 (Telnet) and 80 (http). Some other reserved TCP ports on the switch are 49, 80, 1506, and 1513. ProCurve(config) ip ssh Enable SSH ProCurve(config)# show ip ssh SSH Enabled : Yes TCP Port Number : 22 IP Version : IPv4orIPv6 Host Key Type : RSA Secure Copy Enabled : No Timeout (sec) : 120 Host Key Size : 1024 Ciphers : aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc, [email protected],aes128-ctr,aes192-ctr,aes256-ctr MACs : hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 Ses Type | Source IP Port 1 console | 2 telnet | 3 ssh | 12.255.255.255 4 inactive | 5 inactive | With SSH running, the switch allows one console session and up to five other sessions (SSH and/or Telnet). Web browser sessions are also allowed, but do not appear in the show ip ssh listing. Figure 7-10. Example of Enabling IP SSH and Displaying the SSH Configuration Caution Protect your private key file from access by anyone other than yourself. If someone can access your private key file, they can then penetrate SSH security on the switch by appearing to be you. SSH does not protect the switch from unauthorized access via the web interface, Telnet, SNMP, or the serial port. While web and Telnet access can be restricted by the use of passwords local to the switch, if you are unsure of the security this provides, you may want to disable web-based and/or Telnet access (no web-management and no telnet). If you need to increase SNMP security, you should use SNMP version 3 only. If you need to increase the security of your web interface see the section on SSL. Another security measure is to use the Authorized IP Managers feature described in the switch's Management and Configuration Guide. To protect against unauthorized 7-19