Configuring Username and Password Security

Saving Security Credentials in a Config File

during authentication sessions. Both the switch and the server have a copy of the key; the key is never transmitted across the network. For more information, refer to “3. Configure the Switch To Access a RADIUS Server” on page 6-14in this guide.

RADIUS shared secret (encryption) keys can be saved in a configuration file by entering this command:

ProCurve(config)# radius-server key <keystring>

The option <keystring> is the encryption key (in clear text) used for secure communication with all or a specific RADIUS server.

SSH Client Public-Key Authentication

Secure Shell version 2 (SSHv2) is used by ProCurve switches to provide remote access to SSH-enabled management stations. Although SSH provides Telnet-like functions, unlike Telnet, SSH provides encrypted, two-way authenticated transactions. SSH client public-key authentication is one of the types of authentication used.

Client public-key authentication uses one or more public keys (from clients) that must be stored on the switch. Only a client with a private key that matches a public key stored on the switch can gain access at the manager or operator level. For more information about how to configure and use SSH public keys to authenticate SSH clients that try to connect to the switch, refer to “Configuring Secure Shell (SSH)” on page 8-1in this guide.

The SSH security credential that is stored in the running configuration file is configured with the ip ssh public-keycommand used to authenticate SSH clients for manager or operator access, along with the hashed content of each SSH client public-key.

Syntax: ip ssh public-key <manager operator> keystring

Set a key for public-key authentication.

manager: allows manager-level access using SSH public-key authentication.

operator: allows operator-level access using SSH public-key authentication.

2-16