Configuring Secure Shell (SSH)
Overview
Overview
Feature Default Menu CLI Web
Generating a public/private key pair on the switch No n/a page 7-9 n/a
Using the switch’s public key n/a n/a page 7-12 n/a
Enabling SSH Disabled n/a page 7-15 n/a
Enabling client public-key authentication Disabled n/a pages 7-20, n/a
7-23
Enabling user authentication Disabled n/a page 7-20 n/a
The switches covered in this guide use Secure Shell version 2 (SSHv2) to
provide remote access to management functions on the switches via
encrypted paths between the switch and management station clients capable
of SSH operation.
SSH provides Telnet-like functions but, unlike Telnet, SSH provides encrypted,
authenticated transactions. The authentication types include:
■ Client public-key authentication
■ Switch SSH and user password authentication
Client Public Key Authentication (Login/Operator Level) with User
Password Authentication (Enable/Manager Level). This option uses
one or more public keys (from clients) that must be stored on the switch. Only
a client with a private key that matches a stored public key can gain access
to the switch. (The same private key can be stored on one or more clients.)
ProCurve
Switch
(SSH
Server)
1. Switch-to-Client SSH authentication.
2.Client-to-Switch (login rsa) authentication
3.User-to-Switch (enable password) authentication
options:
– Local
–TACACS+
–RADIUS
–None
SSH
Client
Work-
Station
Figure 7-1. Client Public Key Authentication Model
Note SSH in ProCurve switches is based on the OpenSSH software toolkit. For more
information on OpenSSH, visit
www.openssh.com.
7-2
