Difference: EnableSSHonHP (1 vs. 4)

Revision 4 - 2008-04-15 - GuomingLiu

Line: 1 to 1
 
META TOPICPARENT name="NetworkManagement"
The HP documentation is there.
Line: 6 to 6
 
  • On the switch, enter the following commands :
    • crypto key generate ssh
    • ip ssh
Changed:
<
<
    • copy tftp pub-key-file 10.128.16.5 sw.pub
    • aaa authentication ssh login public-key none (this allow to login as operator)
>
>
    • copy tftp pub-key-file 10.128.16.5 sw.pub manager
 
    • aaa authentication ssh enable public-key none (this allow to login as manager)
    • write memory
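
Review bot: with `manager` appended to `copy tftp pub-key-file 10.128.16.5 sw.pub manager` and `aaa authentication ssh login public-key none` removed, the list no longer configures the operator login at all, and going by the annotation on the enable line every key in sw.pub now leads to manager access. Say in the step whether dropping the login line is intentional, and if read-only users are still expected, keep their keys apart from the manager keys rather than sharing one sw.pub.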
Changed:
<
<
A user who has his RSA public key in sw.pub can now connect with ssh without password to the switch. He still has to enter enable (or just en) to administer the switch. If there is a manager password set, the user has to enter it. If there is no password, we can also use telnet without password. So we should disable telnet with the command no telnet-server (check that ssh works before). We have the same problem for web access, but read-only web access could be nice to have a quick view of the switch. I tried to set Radius Server as enable authentication method. It now asks for username/password when trying to do some admin task with web access and, as we don't have any radius server, it fails. So this seems to be ok.
>
>
A user who has his RSA public key in sw.pub can now connect with ssh without password to the switch.
ssh sw-xxxx-xx 

So we should disable telnet with the command no telnet-server (check that ssh works before). We have the same problem for web access, but read-only web access could be nice to have a quick view of the switch. I tried to set Radius Server as enable authentication method. It now asks for username/password when trying to do some admin task with web access and, as we don't have any radius server, it fails. So this seems to be ok.

  -- LoicBrarda - 28 Nov 2007 -- GuomingLiu - 08 Apr 2008
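
Review bot: the rewritten paragraph drops the sentences about still having to enter enable and about telnet working without a password when no manager password is set, so "So we should disable telnet" and "We have the same problem for web access" no longer refer to anything. Keep the sentence that states the passwordless telnet problem, or reword those two as standalone statements, and set `ssh sw-xxxx-xx` off as a command like the steps in the list.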

Revision 3 - 2008-04-08 - GuomingLiu

Line: 1 to 1
 
META TOPICPARENT name="NetworkManagement"
The HP documentation is there.
Line: 7 to 7
 
    • crypto key generate ssh
    • ip ssh
    • copy tftp pub-key-file 10.128.16.5 sw.pub
Changed:
<
<
    • aaa authentication ssh login public-key none
>
>
    • aaa authentication ssh login public-key none (this allow to login as operator)
    • aaa authentication ssh enable public-key none (this allow to login as manager)
 
    • write memory

A user who has his RSA public key in sw.pub can now connect with ssh without password to the switch. He still has to enter enable (or just en) to administer the switch. If there is a manager password set, the user has to enter it. If there is no password, we can also use telnet without password. So we should disable telnet with the command no telnet-server (check that ssh works before). We have the same problem for web access, but read-only web access could be nice to have a quick view of the switch. I tried to set Radius Server as enable authentication method. It now asks for username/password when trying to do some admin task with web access and, as we don't have any radius server, it fails. So this seems to be ok.

-- LoicBrarda - 28 Nov 2007 \ No newline at end of file
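
Review bot: the unchanged paragraph under the list still says the user "still has to enter enable" and must type the manager password if one is set, which no longer matches the added `aaa authentication ssh enable public-key none` line annotated as allowing manager login. Update the paragraph to say what a key holder gets after this change and whether the manager password is still asked for over ssh.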

Added:
>
>
-- GuomingLiu - 08 Apr 2008

Revision 2 - 2007-12-05 - LoicBrarda

Line: 1 to 1
 
META TOPICPARENT name="NetworkManagement"
The HP documentation is there.
Line: 10 to 10
 
    • aaa authentication ssh login public-key none
    • write memory
Changed:
<
<
A user who has his RSA public key in sw.pub can no connect with ssh without password to the switch. He still has to enter enable (or just en) to administer the switch. If there is a manager password set, the user has to enter it. If there is no password, we can also use telnet without password. So we should disable telnet with the command no telnet-server (check that ssh works before). We have the same problem for web access, but read-only web access could be nice to have a quick view of the switch. I tried to set Radius Server as enable authentication method. It now asks for username/password when trying to do some admin task with web access and, as we don't have any radius server, it fails. So this seems to be ok.
>
>
A user who has his RSA public key in sw.pub can now connect with ssh without password to the switch. He still has to enter enable (or just en) to administer the switch. If there is a manager password set, the user has to enter it. If there is no password, we can also use telnet without password. So we should disable telnet with the command no telnet-server (check that ssh works before). We have the same problem for web access, but read-only web access could be nice to have a quick view of the switch. I tried to set Radius Server as enable authentication method. It now asks for username/password when trying to do some admin task with web access and, as we don't have any radius server, it fails. So this seems to be ok.
  -- LoicBrarda - 28 Nov 2007

Revision 1 - 2007-11-28 - LoicBrarda

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="NetworkManagement"
The HP documentation is there.

  • Up to 10 id_rsa.pub ssh keys can be put on a /tftp/sw.pub file on dns-sx-01.
  • On the switch, enter the following commands :
    • crypto key generate ssh
    • ip ssh
    • copy tftp pub-key-file 10.128.16.5 sw.pub
    • aaa authentication ssh login public-key none
    • write memory

A user who has his RSA public key in sw.pub can no connect with ssh without password to the switch. He still has to enter enable (or just en) to administer the switch. If there is a manager password set, the user has to enter it. If there is no password, we can also use telnet without password. So we should disable telnet with the command no telnet-server (check that ssh works before). We have the same problem for web access, but read-only web access could be nice to have a quick view of the switch. I tried to set Radius Server as enable authentication method. It now asks for username/password when trying to do some admin task with web access and, as we don't have any radius server, it fails. So this seems to be ok.

-- LoicBrarda - 28 Nov 2007
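
Review bot: the command list ends at `write memory`, while the hardening the paragraph asks for (`no telnet-server`, and the case where no manager password is set) exists only in prose. Add `no telnet-server` as a final step with the "check that ssh works before" caveat, and add a step to set a manager password so that telnet and web access are not left open without one. Since sw.pub is pulled over TFTP, which has no authentication, also note who may write /tftp/sw.pub on dns-sx-01. "The HP documentation is there" has lost its link target.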

 