System information

ManualsBrandsProCurve ManualsComputer equipment3400cl

131

132

133

134

135

136

137

138

139

140

Configuring Secure Shell (SSH)

Terminology

Note SSH in HP Procurve switches is based on the OpenSSH software toolkit. For

more information on OpenSSH, visit http://www.openssh.com

Switch SSH and User Password Authentication . This option is a subset

of the client public-key authentication show in figure 6-1. It occurs if the switch

has SSH enabled but does not have login access (login public-key) configured

to authenticate the client’s key. As in figure

6-1, the switch authenticates itself

to SSH clients. Users on SSH clients then authenticate themselves to the

switch (login and/or enable levels) by providing passwords stored locally on

the switch or on a TACACS+ or RADIUS server. However, the client does not

use a key to authenticate itself to the switch.

Switch

(SSH

Server)

SSH

Client

Work-

Station

1. Switch-to-Client SSH

2. User-to-Switch (login password and

enable password authentication)

options:

– Local

– TACACS+

Figure 6-2. Switch/User Authentication

On the switches covered by this guide, SSH supports these data encryption

methods:

■ 3DES (168-bit)

■ DES (56-bit)

Note HP ProCurve switches use RSA keys for internally generated keys (v1/v2

shared host key & v1 server key). The switch supports both RSA and DSA/DSS

keys for clients. All references to either a public or private key mean keys

generated using these algorithms, unless otherwise noted

Terminology

■ SSH Server: An HP switch with SSH enabled.

■ Key Pair: A pair of keys generated by the switch or an SSH client

application. Each pair includes a public key, that can be read by

anyone and a private key held internally in the switch or by a client.

6-3