Configuring Secure Shell (SSH)

Steps for Configuring and Using SSH for Switch and Client Authentication

Switch

Primary SSH

Authenticate

Authenticate

Primary Switch

Secondary Switch

Access

Authentication

Switch Public Key

Client Public Key

Password

Password

Level

 

to SSH Clients?

to the Switch?

Authentication

Authentication

 

 

 

 

 

 

Manager

ssh enable local

Yes

No

Yes

local or none

(Enable)

ssh enable tacacs

Yes

No

Yes

local or none

Level

ssh enable radius

Yes

No

Yes

local or none

 

1For ssh login public-key, the switch uses client public-key authentication instead of the switch password options for primary authentication.

The general steps for configuring SSH include:

A. Client Preparation

1. Install an SSH client application on a management station you want to use for access to the switch. (Refer to the documentation provided with your SSH client application.)

2. Optional—If you want the switch to authenticate a client public-key on the client:

a.Either generate a public/private key pair on the client computer (if your client application allows) or import a client key pair that you have generated using another SSH application.

b.Copy the client public key into an ASCII file on a TFTP server accessible to the switch and download the client public key file to the switch . (The client public key file can hold up to 10 client keys.) This topic is covered under “To Create a Client-Public-Key Text File” on page 4-23.

4-6

Page 90
Image 90
HP 4100gl manual Switch Primary SSH Authenticate Primary Switch, Manager Ssh enable local, Enable Ssh enable tacacs