HP A7533A HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, Dece - Page 93
Configuring the Telnet protocol
UPC - 829160830858
View all HP A7533A manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 93 highlights
Example: exporting a public key from the switch switch:kghanta> sshutil exportpubkey Enter IP address:192.168.38.244 Enter remote directory:~auser/.ssh Enter login name:auser Password: public key out_going.pub is exported successfully. 8. Append the public key to a remote host by logging in to the remote host, locating the directory where authorized keys are stored, and appending the public key to the file. You may need to refer to the host's documentation to locate where the authorized keys are stored. 9. Test the setup by issuing a command that uses SCP and authentication, such as firmwareDownload or configUpload. Deleting keys on the switch 1. Log in to the switch as the allowed-user. 2. Issue the sshUtil delprivkey command to delete the private key, or Issue the sshUtil delpubkeys command to delete all public keys. Configuring the Telnet protocol Telnet is enabled by default. To prevent users from passing clear text passwords over the network when they connect to the switch, you can block the Telnet protocol using an IP Filter policy. NOTE: Before blocking Telnet, make sure you have an alternate method of establishing a connection with the switch. Blocking Telnet To block Telnet: 1. Connect to the switch and log in as admin. Connect through some means other than Telnet: for example, through SSH. 2. Create a policy by issuing the following command: ipfilter --create -type < ipv4 | ipv6 > where policyname is the name of the new policy and -type specifies an IPv4 or IPv6 address. Example: ipfilter --create block_telnet_v4 --type ipv4 3. Add a rule to the policy, by issuing the following command: ipfilter --addrule -rule -sip -dp -proto -act where the -sip option can be given as any; dp is the port number for telnet (23), and -proto is tcp. Example: ipfilter --addrule block_telnet_v4 -rule 2 -sip any -dp 23 -proto tcp -act deny 4. Save the new ipfilter policy by issuing the following command: ipfilter --save [policyname] where [policyname] is the name of the policy and is optional. Fabric OS 6.1.1 administrator guide 93