HP ProCurve 2500 User Manual
Enhancements in Release F.04.08
Configuring Secure Shell (SSH)
The ip ssh key-size command affects only a per-session, internal server key the switch creates, uses, and discards. This key is not accessible from the user interface. The switch’s public (host) key is a separate, accessible key that is always 896 bits.

Note on Port Number

HP recommends using the default IP port number (22). However, you can use ip ssh port to specify any TCP port for SSH connections except those reserved for other purposes. Examples of reserved IP ports are 23 (Telnet) and 80 (http). Some other commonly reserved IP ports are 49, 80, 1506, and 1513.
Figure 36. Example of Enabling IP SSH and Listing the SSH Configuration and Status
Caution

Protect your private key file from access by anyone other than yourself. If someone can access your private key file, they can then penetrate SSH security on the switch by appearing to be you.

SSH does not protect the switch from unauthorized access via the Web interface, Telnet, SNMP, or the serial port. While Web and Telnet access can be restricted by the use of passwords local to the switch, if you are unsure of the security this provides, you may want to disable Web-based and/or Telnet access (no web-management and no telnet). If you need to increase SNMP security, use the snmp security command. Another security measure is to use the Authorized IP Managers feature described in the switch’s Management and Configuration Guide. To protect against unauthorized access to the serial port (and the Clear button, which removes local password protection), keep physical access to the switch restricted to authorized personnel.
Figure 36 callouts:

The switch uses these three settings internally for transactions with clients. See the Note, below.

Enables SSH on the switch.

Lists the current SSH configuration and status.

With SSH running, the switch allows one console session and up to three other sessions (SSH and/or Telnet). Web browser sessions are also allowed, but do not appear in the show ip ssh listing.
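
The port note and the Caution above can be turned into a repeatable check on a saved switch configuration. The following is an added example, not HP's code: it assumes the saved configuration lists settings as the same command lines shown on this page (ip ssh, ip ssh port, no telnet, no web-management) and that lines starting with ";" are comments; audit_switch_config and both sample configurations are constructed for illustration.

```python
import re

# Ports this page names as reserved for other purposes.
RESERVED_PORTS = {23, 49, 80, 1506, 1513}
DEFAULT_SSH_PORT = 22

# Constructed sample configurations (not taken from the manual).
WEAK_CONFIG = """
; constructed sample
ip ssh
ip ssh port 80
"""
HARDENED_CONFIG = """
; constructed sample
ip ssh
no telnet
no web-management
"""


def audit_switch_config(config_text):
    """Return a list of findings for a saved switch configuration.

    Assumption: settings appear one per line, written as the operator
    would type them, and ';' starts a comment line.
    """
    lines = [ln.strip().lower() for ln in config_text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    findings = []

    if "ip ssh" not in lines:
        findings.append("SSH is not enabled (no 'ip ssh' line)")

    # The last 'ip ssh port N' line wins; the default applies otherwise.
    port = DEFAULT_SSH_PORT
    for ln in lines:
        match = re.fullmatch(r"ip ssh port (\d+)", ln)
        if match:
            port = int(match.group(1))
    if port in RESERVED_PORTS:
        findings.append(f"SSH port {port} is reserved for another service")
    elif port != DEFAULT_SSH_PORT:
        findings.append(f"SSH port {port} is not the recommended default 22")

    # SSH does not protect these management paths; flag them if left on.
    for cmd, service in (("no telnet", "Telnet"), ("no web-management", "Web")):
        if cmd not in lines:
            findings.append(f"{service} access is still enabled ('{cmd}' missing)")
    return findings
```

SNMP, Authorized IP Managers and physical access to the serial port and Clear button are outside what this check covers and still need separate review.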