
Enhancements
Release K.12.06 Enhancements
In software release K.12.06 and greater, RADIUS shared secret (encryption) keys can be saved in a
configuration file with the following syntax:
radius-server key <keystring>
Where:
<keystring> is the encryption key (in clear text) used for secure communication with all or a specific
RADIUS server.
SSH Client Public-Key Authentication
Secure Shell version 2 (SSHv2) is used by ProCurve switches to provide remote access to
SSH-enabled management stations. SSH provides Telnet-like functions but, unlike Telnet, it
provides encrypted, two-way authenticated transactions. SSH client public-key authentication is one
of the types of authentication used.
Client public-key authentication uses one or more public keys (from clients) that must be stored on
the switch. Only a client with a private key that matches a public key stored on the switch can gain
access at the manager or operator level. For more information about how to configure and use SSH
public keys to authenticate SSH clients that try to connect to the switch, refer to the “Configuring
Secure Shell” chapter in the Access Security Guide.
In software releases earlier than K.12.06, client public-keys that are used to authenticate SSH clients
are stored only in flash memory, not in the running-config file. You can view the SSH public keys
stored on a switch by entering the show crypto client-public-key command. The only SSH security
credentials stored in the running configuration are the following commands:
aaa authentication ssh login public-key
aaa authentication ssh enable public-key
■ The aaa authentication ssh login public-key command allows operator access using SSH
public-key authentication.
■ The aaa authentication ssh enable public-key command allows manager access using SSH
public-key authentication.
In software release K.12.06 and greater, the SSH security credential that is stored in the running
configuration is the syntax of the ip ssh public-key command used to authenticate SSH clients for
manager or operator access, along with the hashed content of each SSH client public-key. The syntax
of the ip ssh public-key command is as follows:
ip ssh public-key <manager|operator> <keystring>
Where:
manager allows manager-level access using SSH public-key authentication.
operator allows operator-level access using SSH public-key authentication.
<keystring> is a legal SSHv2 (RSA or DSA) public key. The text string for the public key must be a
single quoted token.
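Because the RADIUS shared secret is saved in clear text, a saved configuration file needs its key redacted before it is shared or archived, and the ip ssh public-key lines show which keys grant manager or operator access. The script below is an added example, not part of the release notes or ProCurve software; the sample configuration, the audit_config function name, and the OpenSSH-style key text inside the quotes are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample of a saved configuration file (not from a real switch).
SAMPLE_CONFIG = '''\
hostname "lab-switch"
radius-server key s3cr3t-example
aaa authentication ssh login public-key
ip ssh public-key manager "ssh-rsa AAAAB3NzaC1yc2EAAAAexample1 admin@mgmt"
ip ssh public-key operator "ssh-dss AAAAB3NzaC1kc3MAAAAexample2 noc@mgmt"
'''

# radius-server key <keystring>  (keystring is stored in clear text)
RADIUS_KEY = re.compile(r'^(\s*radius-server key )(\S+)\s*$')
# ip ssh public-key <manager|operator> <keystring>  (single quoted token)
SSH_KEY = re.compile(r'^\s*ip ssh public-key (manager|operator) "([^"]*)"\s*$')


def audit_config(text):
    """Return (redacted_text, findings) for a saved configuration.

    findings is a list of (line_number, kind, detail) tuples. The RADIUS
    secret is replaced in the redacted copy; SSH public keys are not secret,
    so they are kept and only inventoried by access level.
    """
    redacted, findings = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = RADIUS_KEY.match(line)
        if m:
            findings.append((lineno, "radius-cleartext-key", None))
            redacted.append(m.group(1) + "<REDACTED>")
            continue
        m = SSH_KEY.match(line)
        if m:
            level, token = m.groups()
            # Short digest of the quoted token, for comparing entries
            # across switches without copying whole keys around.
            digest = hashlib.sha256(token.encode()).hexdigest()[:12]
            findings.append((lineno, "ssh-key-" + level, digest))
        redacted.append(line)
    return "\n".join(redacted) + "\n", findings


if __name__ == "__main__":
    clean, results = audit_config(SAMPLE_CONFIG)
    for lineno, kind, detail in results:
        print(lineno, kind, detail or "")
    print(clean, end="")
```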