Configuring Secure Shell (SSH)

 


Note

SSH in ProCurve switches is based on the OpenSSH software toolkit. For more information on OpenSSH, visit www.openssh.com.


Switch SSH and User Password Authentication. This option is a subset of the client public-key authentication shown in figure 6-1. It occurs if the switch has SSH enabled but does not have login access (login public-key) configured to authenticate the client’s key. As in figure 6-1, the switch authenticates itself to SSH clients. Users on SSH clients then authenticate themselves to the switch (login and/or enable levels) by providing passwords stored locally on the switch or on a TACACS+ or RADIUS server. However, the client does not use a key to authenticate itself to the switch.

[Figure 6-2. Switch/User Authentication. Diagram: a ProCurve Switch (SSH Server) and an SSH Client Workstation, linked by (1) Switch-to-Client SSH and (2) User-to-Switch (login password and enable password authentication) options: Local, TACACS+.]

Terminology

SSH Server: A ProCurve switch with SSH enabled.

Key Pair: A pair of keys generated by the switch or an SSH client application. Each pair includes a public key, which can be read by anyone, and a private key, which is held internally in the switch or by a client.

PEM (Privacy Enhanced Mode): Refers to an ASCII-formatted client public-key that has been encoded for portability and efficiency. SSHv2 client public-keys are typically stored in the PEM format. See figure 6-3 for an example of PEM-encoded ASCII keys.

Private Key: An internally generated key used in the authentication process. A private key generated by the switch is not accessible for viewing or copying. A private key generated by an SSH client application is typically stored in a file on the client device and, together with its public key counterpart, can be copied and stored on multiple devices.

Public Key: An internally generated counterpart to a private key. A device’s public key is used to authenticate the device to other devices.
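The key-pair and PEM definitions above describe ASCII-encoded public keys. As an added example (not from the ProCurve manual), the Python below decodes such a key to check its type, RSA modulus size and fingerprint before it is trusted or loaded. It assumes OpenSSH's one-line `type base64 comment` layout, since figure 6-3 is not reproduced here; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """SSH wire 'mpint' for a positive value: big-endian, top bit kept clear."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def build_sample_rsa_key(bits: int = 2048) -> str:
    """Constructed sample only: the modulus is not a real RSA modulus."""
    n = (1 << (bits - 1)) | 1
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"


def parse_public_key(line: str) -> dict:
    """Decode '<type> <base64 blob> [comment]' and report type, size, fingerprint."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    parts, offset = [], 0
    while offset < len(blob):  # walk the length-prefixed fields
        if offset + 4 > len(blob):
            raise ValueError("truncated length field")
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + length > len(blob):
            raise ValueError("field runs past end of blob")
        parts.append(blob[offset:offset + length])
        offset += length
    # The type named outside the blob must match the one encoded inside it.
    if not parts or parts[0] != fields[0].encode():
        raise ValueError("key type outside and inside the blob disagree")
    digest = hashlib.sha256(blob).digest()
    info = {"type": fields[0],
            "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("=")}
    if fields[0] == "ssh-rsa" and len(parts) == 3:  # fields: type, e, n
        info["bits"] = int.from_bytes(parts[2], "big").bit_length()
    return info


if __name__ == "__main__":
    print(parse_public_key(build_sample_rsa_key()))
```

The fingerprint uses the SHA256 form that current OpenSSH clients print, so it can be compared with the value a client shows when it first connects to an SSH server.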
