80
Enhancements in Release F.04.08
Configuring Secure Shell (SSH)
Terminology
■ SSH Server: An HP Series 2500 switch with SSH enabled.
■ Key Pair: A pair of keys generated by the switch or an SSH client application. Each pair
includes a public key (that can be read by anyone) and a private key that is held internally
in the switch or by a client.
■ PEM (Privacy Enhanced Mode): Refers to an ASCII-formatted client public-key that has
been encoded for greater security. SSHv2 client public-keys are typically stored in the PEM
format. See figures 28 and 29 for examples of PEM-encoded ASCII and non-encoded ASCII
keys.
■ Private Key: An internally generated key used in the authentication process. A private key
generated by the switch is not accessible for viewing or copying. A private key generated by
an SSH client application is typically stored in a file on the client device and, together with
its public key counterpart, can be copied and stored on multiple devices.
■ Public Key: An internally generated counterpart to a private key. Public keys are used for
authenticating a
■ Enable Level: Manager privileges on the switch.
■ Login Level: Operator privileges on the switch.
■ Local password or username: A Manager-level or Operator-level password configured in
the switch.
■ SSH Enabled: (1) A public/private key pair has been generated on the switch (crypto key
generate [rsa]) and (2) SSH is enabled (ip ssh). (You can generate a key pair without enabling
SSH, but you cannot enable SSH without first generating a key pair. See “2. Generating the
Switch’s Public and Private Key Pair” on page 85 and “4. Enabling SSH on the Switch and
Anticipating SSH Client Contact Behavior” on page 89.)
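The PEM-encoded versus non-encoded ASCII distinction in the terminology above (and in the "Public Key Format Requirement" below) can be checked before a key is copied to the switch. The following Python script is an added illustration, not part of these release notes and not an HP tool: it recognises the RFC 4716 "SSH2 PUBLIC KEY" framing that PEM-style SSHv2 clients write and unwraps such a key onto one line. It assumes the non-encoded layout is the one-line "<type> <base64> <comment>" form; compare the result against the layout in figure 29 before using it.

```python
import base64
import struct

# Framing of the RFC 4716 ("SSH2 PUBLIC KEY") layout that PEM-style SSHv2 clients
# write around a key; the switch does not read keys wrapped this way.
BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

# Constructed sample (not a usable key): a tiny RSA blob in RFC 4716 framing
# with a Comment header, as a PEM-style client would store it.
SAMPLE_PEM = """---- BEGIN SSH2 PUBLIC KEY ----
Comment: "test@client"
AAAAB3NzaC1yc2EAAAADAQAB
AAAAAgDF
---- END SSH2 PUBLIC KEY ----
"""

def classify_public_key(text: str) -> str:
    """Return 'pem' for a framed (PEM-style) key or 'plain' for a one-line key."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty key file")
    if lines[0] == BEGIN or lines[0].startswith("-----BEGIN"):
        return "pem"
    if len(lines) == 1:
        return "plain"
    raise ValueError("unrecognised public-key layout")

def to_single_line(text: str) -> str:
    """Unwrap an RFC 4716 key into one line: '<type> <base64 blob> <comment>'."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 framed key")
    headers, body = [], []
    for ln in lines[1:-1]:
        # 'Name: value' headers (base64 never has ':'); trailing '\' continues one.
        if ":" in ln or (headers and headers[-1].endswith("\\")):
            headers.append(ln)
        else:
            body.append(ln)
    comment = ""
    for hdr in "\n".join(headers).replace("\\\n", "").splitlines():
        name, _, value = hdr.partition(":")
        if name.strip().lower() == "comment":
            comment = value.strip().strip('"')
    b64 = "".join(body)
    blob = base64.b64decode(b64, validate=True)
    # The key type is a length-prefixed string at offset 0 of the decoded blob,
    # so no particular algorithm is assumed.
    (type_len,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + type_len].decode("ascii")
    return f"{key_type} {b64} {comment}".rstrip()
```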
Prerequisite for Using SSH
Before using a Series 2500 switch as an SSH server, you must install a publicly or commercially
available SSH client application on the computer(s) you use for management access to the switch.
If you want client public-key authentication (page 78), then the client program must have the
capability to generate public and private key pairs.
Public Key Format Requirement
Any client application you use for client public-key authentication with the switch must have the
capability to store a public key in non-encoded ASCII format. The switch does not interpret keys
generated using the PEM (Privacy Enhanced Mode) format (also in ASCII characters) that some
SSHv2 client applications use for storing public keys. If your client application stores PEM-encoded