HP (Hewlett-Packard) 2900 Switch User Manual


 
6-15
IPv6 Management Security Features
Secure Shell for IPv6
Secure Shell for IPv6
The Secure Shell (SSH) for IPv6 feature provides the same Telnet-like func-
tions through encrypted, authenticated transactions as SSH for IPv4. SSH for
IPv6 provides CLI (console) access and secure file transfer functionality. The
following types of transactions are supported:
Client public-key authentication
Public keys from SSH clients are stored on the switch. Access to the
switch is granted only to a client whose private key matches a stored
public key.
Password-only client authentication
The switch is SSH-enabled but is not configured with the login method
that authenticates a client’s public-key. Instead, after the switch authenti-
cates itself to a client, users connected to the client authenticate them-
selves to the switch by providing a valid password that matches the
operator- and/or manager-level password configured and stored locally on
the switch or on a RADIUS or TACACS+ server.
Secure Copy (SCP) and Secure FTP (SFTP)
You can use an SCP or SFTP client application to perform secure file
transfers to and from the switch.
Configuring SSH for IPv6
By default, SSH is automatically enabled for IPv4 and IPv6 connections on a
switch. As with SSH for IPv4, you can enter the ip ssh command to reconfigure
the default SSH settings to:
Restrict access to the SSH server running on the switch to only IPv4 or
IPv6 clients.
Modify the TCP port number and timeout period used in SSH authentica-
tion in IPv4 and IPv6 connections.