The HP documentation is there.

  • Up to 10 id_rsa.pub ssh keys can be put in the /tftp/sw.pub file on dns-sx-01.
  • On the switch, enter the following commands:
    • crypto key generate ssh
    • ip ssh
    • copy tftp pub-key-file 10.128.16.5 sw.pub
    • aaa authentication ssh login public-key none
    • write memory
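
One way to assemble sw.pub on dns-sx-01 before the switch fetches it, as an added example that is not part of the original page. The function name build_sw_pub and the one-key-per-line OpenSSH layout of the output are assumptions; the 10-key limit and the RSA key type come from the text above.

```shell
#!/bin/sh
# Added example: build the sw.pub client key file from individual id_rsa.pub files.
# Assumptions (not from the page): the output holds one OpenSSH-format key per
# line, and the helper is called build_sw_pub.

MAX_KEYS=10   # limit stated on the page

# build_sw_pub OUTPUT KEYFILE...
# Returns 0 on success, 1 on a bad key file, 2 on too many keys, 3 on a duplicate.
build_sw_pub() {
    out=$1; shift
    [ "$#" -ge 1 ] || { echo "usage: build_sw_pub OUTPUT KEYFILE..." >&2; return 1; }
    [ "$#" -le "$MAX_KEYS" ] || { echo "too many keys: $# (max $MAX_KEYS)" >&2; return 2; }

    tmp=$(mktemp "${out}.XXXXXX") || return 1
    for f in "$@"; do
        # Each input must be exactly one ssh-rsa public key line; this also
        # rejects a private key file picked up by mistake.
        lines=$(grep -c '' "$f" 2>/dev/null) || lines=0
        if [ "$lines" -ne 1 ] || ! grep -Eq '^ssh-rsa [A-Za-z0-9+/=]+( .*)?$' "$f"; then
            echo "not a single-line ssh-rsa public key: $f" >&2
            rm -f "$tmp"; return 1
        fi
        # Compare the base64 blob only, so the same key under another comment is caught.
        blob=$(awk '{print $2}' "$f")
        if awk '{print $2}' "$tmp" | grep -qxF -- "$blob"; then
            echo "duplicate key: $f" >&2
            rm -f "$tmp"; return 3
        fi
        # awk re-emits the line with a newline even if the source file lacks one.
        awk '{print}' "$f" >> "$tmp"
    done
    chmod 644 "$tmp"   # world-readable so the TFTP daemon can serve it
    mv "$tmp" "$out"   # replace the old file only after every key has passed
}

# Usage (file names are placeholders):
#   build_sw_pub /tftp/sw.pub alice_id_rsa.pub bob_id_rsa.pub
```

Because the previous sw.pub is replaced only after every key has passed, a rejected input leaves the file the switch would fetch unchanged.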

A user who has his RSA public key in sw.pub can now connect to the switch with ssh without a password. He still has to enter enable (or just en) to administer the switch. If there is a manager password set, the user has to enter it. If there is no password, we can also use telnet without a password. So we should disable telnet with the command no telnet-server (check that ssh works first). We have the same problem for web access, but read-only web access could be nice to have for a quick view of the switch. I tried to set Radius Server as the enable authentication method. It now asks for a username/password when trying to do some admin task with web access and, as we don't have any radius server, it fails. So this seems to be ok.

-- LoicBrarda - 28 Nov 2007

Topic revision: r1 - 2007-11-28 - LoicBrarda
 