HP (Hewlett-Packard) 2650 (J4899A/B) Switch User Manual


 
6-19
Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
Option B: Configuring the Switch for Client Public-Key SSH
Authentication. When configured with this option, the switch uses its pub-
lic key to authenticate itself to a client, but the client must also provide a client
public-key for the switch to authenticate. This option requires the additional
step of copying a client public-key file from a TFTP server into the switch.
This means that before you can use this option, you must:
1. Create a key pair on an SSH client.
2. Copy the client’s public key into a public-key file (which can contain up
to ten client public-keys).
3. Copy the public-key file into a TFTP server accessible to the switch and
download the file to the switch.
(For more on these topics, refer to “Further Information on SSH Client Public-
Key Authentication” on page 6-21.)
With steps 1 - 3, above, completed and SSH properly configured on the switch,
if an SSH client contacts the switch, login authentication automatically occurs
using the switch and client public-keys. Then, after the client gains login
access, the switch controls client access to the manager level by requiring the
passwords configured earlier by the aaa authentication ssh enable command.
Syntax: aaa authentication ssh login < local | tacacs | radius >[< local | none >]
Configures a password method for the primary and second-
ary login (Operator) access. If you do not specify a secondary
method, it defaults to none.
If the primary method is local, the secondary method is
always none, which may or may not be specified.
aaa authentication ssh enable < local | tacacs | radius>[< local | none >]
Configures a password method for the primary and second-
ary enable (Manager) access. If you do not specify a second-
ary method, it defaults to none.
If the primary method is local, the secondary method is
always none, which may or may not be specified.