Enhancements in Release F.04.08

Configuring Secure Shell (SSH)

Note on Port Number

The ip ssh key-sizecommand affects only a per-session, internal server key the switch creates, uses, and discards. This key is not accessible from the user interface. The switch’s public (host) key is a separate, accessible key that is always 896 bits.

HP recommends using the default IP port number (22). However, you can use ip ssh port to specify any TCP port for SSH connections except those reserved for other purposes. Examples of reserved IP ports are 23 (Telnet) and 80 (http). Some other commonly reserved IP ports are 49, 80, 1506, and 1513.

Enables SSH on the switch.

Lists the current SSH configuration and status.

The switch uses these three settings internally for transactions with clients. See the Note, below.

With SSH running, the switch allows one console session and up to three other sessions (SSH and/or Telnet). Web browser sessions are also allowed, but does not appear in the show ip ssh listing.

Figure 36. Example of Enabling IP SSH and Listing the SSH Configuration and Status

Caution

Protect your private key file from access by anyone other than yourself. If someone can access your private key file, they can then penetrate SSH security on the switch by appearing to be you.

SSH does not protect the switch from unauthorized access via the Web interface, Telnet, SNMP, or the serial port. While Web and Telnet access can be restricted by the use of passwords local to the switch, if you are unsure of the security this provides, you may want to disable Web-based and/or Telnet access (no web-managementand no telnet). If you need to increase SNMP security, use the snmp security command. Another security measure is to use the Authorized IP Managers feature described in the switch’s Management and Configuration Guide. To protect against unauthorized access to the serial port (and the Clear button, which removes local password protection), keep physical access to the switch restricted to authorized personnel.

91