Configuring The Switch For Ssh Authentication - HP 3500yl Series Access Security Manual

Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
Note
access to the serial port (and the Clear button, which removes local password protection), keep physical access to the switch restricted to authorized personnel.

5. Configuring the Switch for SSH Authentication

Note that all methods in this section result in authentication of the switch's public key by an SSH client. However, only Option B, below, results in the switch also authenticating the client's public key. Also, for a more detailed discussion of the topics in this section, refer to "Further Information on SSH Client Public-Key Authentication" on page 8-25.

HP Networking recommends that you always assign a Manager-Level (enable) password to the switch. Without this level of protection, any user with Telnet, web, or serial port access to the switch can change the switch's configuration. Also, if you configure only an Operator password, entering the Operator password through Telnet, web, SSH, or serial port access enables full manager privileges. See "1. Assigning a Local Login (Operator) and Enable (Manager) Password" on page 8-9.

Option A: Configuring SSH Access for Password-Only SSH Authentication. When configured with this option, the switch uses its public key to authenticate itself to a client, but uses only passwords for client authentication.

Syntax: aaa authentication ssh login < local | tacacs | radius > [< local | none >]

    Configures a password method for the primary and secondary login (Operator) access. If you do not specify an optional secondary method, it defaults to none. If the primary method is local, the secondary method must be none.

        aaa authentication ssh enable < local | tacacs | radius > [< local | none >]

    Configures a password method for the primary and secondary enable (Manager) access. If you do not specify an optional secondary method, it defaults to none. If the primary method is local, the secondary method must be none.