HP 445946-001 manual SSH and SCP encryption of management messages

Models: 445946-001


Accessing the switch

Applying and saving configuration

Enter the apply and save commands after the command above (scp ad4.cfg 205.178.15.157:putcfg), or use the following commands. You will be prompted for a password.

>># scp <local_filename> <user>@<switch IP addr>:putcfg_apply

>># scp <local_filename> <user>@<switch IP addr>:putcfg_apply_save

For example:

>># scp ad4.cfg admin@205.178.15.157:putcfg_apply

>># scp ad4.cfg admin@205.178.15.157:putcfg_apply_save

NOTE:

The diff command is automatically executed at the end of putcfg to notify the remote client of the difference between the new and the current configurations.

putcfg_apply runs the apply command after the putcfg is done.

putcfg_apply_save saves the new configuration to the flash after putcfg_apply is done.

The putcfg_apply and putcfg_apply_save commands are provided because extra apply and save commands are usually required after a putcfg.

SSH and SCP encryption of management messages

The following encryption and authentication methods are supported for SSH and SCP:

Server Host Authentication—Client RSA authenticates the switch at the beginning of every connection

Key Exchange—RSA

Encryption—AES256-CBC, AES192-CBC, 3DES-CBC, 3DES, ARCFOUR

User Authentication—Local password authentication, RADIUS, TACACS+

Generating RSA host and server keys for SSH access

To support the SSH server feature, two sets of RSA keys (host and server keys) are required. The host key is 1024 bits and is used to identify the switch. The server key is 768 bits and is used to make it impossible to decipher a captured session by breaking into the switch at a later time.

When the SSH server is first enabled and applied, the switch automatically generates the RSA host and server keys and stores them in the flash memory.

To configure RSA host and server keys, first connect to the switch through the console connection (these commands are not available over a Telnet connection), and enter the following commands to generate them manually:

>> # /cfg/sys/sshd/hkeygen (Generates the host key)

>> # /cfg/sys/sshd/skeygen (Generates the server key)

These two commands take effect immediately without the need for an apply command.

When the switch reboots, it will retrieve the host and server keys from the flash memory. If these two keys are not available in the flash memory and if the SSH server feature is enabled, the switch automatically generates them during the system reboot. This process may take several minutes to complete.

The switch can also automatically regenerate the RSA server key. To set the interval of RSA server key autogeneration, use the following command:

>> # /cfg/sys/sshd/intrval <number of hours (0-24)>
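
The following is an added example, not part of the HP manual: a Python check that reads the cipher list and RSA key sizes exactly as this page states them, compares them with a baseline, and picks the cipher to pin on the SSH client. The 2048-bit RSA minimum and the deny list for 3DES and ARCFOUR are assumptions made for the example, as are all function names.

```python
import re

# Lines copied from this page: the cipher list and the key-size sentences.
PAGE_LINES = [
    "Encryption—AES256-CBC, AES192-CBC, 3DES-CBC, 3DES, ARCFOUR",
    "The host key is 1024 bits and is used to identify the switch.",
    "The server key is 768 bits and is used to make it impossible to "
    "decipher a captured session by breaking into the switch at a later time.",
]

# Assumed baseline for this example; substitute your organisation's policy.
MIN_RSA_BITS = 2048
DENIED_PREFIXES = ("3DES", "ARCFOUR")

def parse_profile(lines):
    """Extract the cipher list and RSA key sizes from the manual's wording."""
    profile = {"ciphers": [], "rsa_bits": {}}
    for line in lines:
        label, sep, values = line.partition("—")
        if sep and label.strip() == "Encryption":
            profile["ciphers"] = [v.strip() for v in values.split(",")]
        match = re.search(r"The (host|server) key is (\d+) bits", line)
        if match:
            profile["rsa_bits"][match.group(1)] = int(match.group(2))
    return profile

def audit(profile):
    """Return (item, detail) pairs for everything below the baseline."""
    findings = [("cipher", c) for c in profile["ciphers"]
                if c.upper().startswith(DENIED_PREFIXES)]
    for role, bits in sorted(profile["rsa_bits"].items()):
        if bits < MIN_RSA_BITS:
            findings.append((f"{role}-key", f"{bits} < {MIN_RSA_BITS}"))
    return findings

def client_cipher_pin(profile):
    """Strongest permitted cipher, lower-cased the way OpenSSH spells it."""
    allowed = [c for c in profile["ciphers"]
               if not c.upper().startswith(DENIED_PREFIXES)]
    def aes_bits(name):
        match = re.search(r"AES(\d+)", name.upper())
        return int(match.group(1)) if match else 0
    return max(allowed, key=aes_bits).lower() if allowed else None

if __name__ == "__main__":
    switch = parse_profile(PAGE_LINES)
    for item, detail in audit(switch):
        print(f"below baseline: {item}: {detail}")
    print("pin client cipher:", client_cipher_pin(switch))
```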
