HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 290
Configuring the Switch for SSH Authentication
Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation

access to the serial port (and the Clear button, which removes local password protection), keep physical access to the switch restricted to authorized personnel.

5. Configuring the Switch for SSH Authentication

Note that all methods in this section result in authentication of the switch's public key by an SSH client. However, only Option B, below, results in the switch also authenticating the client's public key. Also, for a more detailed discussion of the topics in this section, refer to "Further Information on SSH Client Public-Key Authentication" on page 7-24.

Note: ProCurve recommends that you always assign a Manager-Level (enable) password to the switch. Without this level of protection, any user with Telnet, web, or serial port access to the switch can change the switch's configuration. Also, if you configure only an Operator password, entering the Operator password through Telnet, web, SSH or serial port access enables full manager privileges. See "1. Assigning a Local Login (Operator) and Enable (Manager) Password" on page 7-10.

Option A: Configuring SSH Access for Password-Only SSH Authentication. When configured with this option, the switch uses its public key to authenticate itself to a client, but uses only passwords for client authentication.

Syntax: aaa authentication ssh login < local | tacacs | radius > [< local | none >]

    Configures a password method for the primary and secondary login (Operator) access. If you do not specify an optional secondary method, it defaults to none. If the primary method is local, the secondary method must be none.

Syntax: aaa authentication ssh enable < local | tacacs | radius > [< local | none >]

    Configures a password method for the primary and secondary enable (Manager) access. If you do not specify an optional secondary method, it defaults to none. If the primary method is local, the secondary method must be none.

7-20
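The Option A rules above can be checked against a configuration template before it is sent to a switch. The following Python sketch is an added example, not part of the HP guide or of any HP tool; the function name check_ssh_auth and the sample lines are hypothetical, and it assumes the commands are written out in full, in lowercase, exactly as in the syntax shown on this page.

```python
# Option A grammar as printed on this page:
#   aaa authentication ssh <login|enable> <local|tacacs|radius> [<local|none>]
PRIMARY = {"local", "tacacs", "radius"}
SECONDARY = {"local", "none"}

def check_ssh_auth(config_text):
    """Return (resolved, findings) for the SSH password-method lines.

    resolved maps 'login'/'enable' to (primary, secondary) with the
    documented default applied; findings lists (line number, reason)
    for every line that breaks a rule stated on this page.
    """
    resolved, findings = {}, []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        tokens = line.split()
        if tokens[:3] != ["aaa", "authentication", "ssh"]:
            continue  # not an SSH authentication line
        args = tokens[3:]
        if len(args) not in (2, 3) or args[0] not in ("login", "enable"):
            findings.append((lineno, "expected <login|enable> <primary> [secondary]"))
            continue
        level, primary = args[0], args[1]
        # An omitted secondary method defaults to none.
        secondary = args[2] if len(args) == 3 else "none"
        if primary not in PRIMARY:
            findings.append((lineno, f"primary {primary!r} is not local, tacacs or radius"))
        elif secondary not in SECONDARY:
            findings.append((lineno, f"secondary {secondary!r} is not local or none"))
        elif primary == "local" and secondary != "none":
            findings.append((lineno, "primary local requires secondary none"))
        else:
            resolved[level] = (primary, secondary)
    return resolved, findings

# Constructed sample input, not taken from a real switch.
SAMPLE = """\
aaa authentication ssh login radius local
aaa authentication ssh enable tacacs
aaa authentication ssh enable local local
aaa authentication ssh login radius tacacs
"""

if __name__ == "__main__":
    resolved, findings = check_ssh_auth(SAMPLE)
    print("effective methods:", resolved)
    for lineno, reason in findings:
        print(f"line {lineno}: {reason}")
```

The checker covers only the password-method syntax printed for Option A; any other method keyword is reported as outside that syntax rather than judged valid or invalid for the switch.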