HP AE370A HP StorageWorks Fabric OS 6.2 administrator guide (5697-0016, May 20 - Page 108
Configuring SSH authentication
UPC - 882780362611
View all HP AE370A manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 108 highlights
Configuring SSH authentication Incoming authentication is used when the remote host needs to authenticate to the switch. Outgoing authentication is used when the switch needs to authenticate to a server or remote host and is more commonly used for the configUpload command. Both password and public key authentication can coexist on the switch. After the allowed-user is configured, the remaining setup steps must be completed by the allowed-user. 1. Log in to the switch as the default admin. 2. Change the allowed-user's role to admin, if applicable. switch:admin> userconfig --change username -r admin where username is the name of the user you want to perform SSH public key authentication, import, export, and delete keys. 3. Set up the allowed-user by typing the following command: switch:admin> sshutil allowuser username where username is the name of the user you want to perform SSH public key authentication, import, export, and delete keys. 4. Generate a key pair for host-to-switch (incoming) authentication by logging in to your host as admin, verifying that SSH v2 is installed and working (see your host's documentation as necessary), and typing the following command: ssh-keygen -t dsa If you need to generate a key pair for outgoing authentication, skip steps 4 and 5 and proceed to step 6. Example: RSA/DSA key pair generation alloweduser@mymachine: ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/users/alloweduser/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /users/alloweduser/.ssh/id_dsa. Your public key has been saved in /users/alloweduser/.ssh/id_dsa.pub. The key fingerprint is: 32:9f:ae:b6:7f:7e:56:e4:b5:7a:21:f0:95:42:5c:d1 alloweduser@mymachine 5. Import the public key to the switch by logging in to the switch as the allowed-user and entering the following command: sshUtil importpubkey Respond to the prompts as follows: IP address remote directory public key name login name password Enter the IP address of the switch. IPv6 is supported by sshUtil. Enter the path to the remote directory where the public key is stored. Enter the name of the public key. Enter the name of the user granted access to the host. Enter the password for the host. Example: Adding the public key to the switch 106 Configuring standard security features