HP (Hewlett-Packard) 445946-001 ユーザーズマニュアル
Accessing the switch
34
A value of 0 denotes that RSA server key autogeneration is disabled. When greater than 0, the switch will
auto generate the RSA server key every specified interval; however, RSA server key generation is skipped
if the switch is busy doing other key or cipher generation when the timer expires.
The switch will perform only one session of key/cipher generation at a time. Thus, an SSH/SCP client will
The switch will perform only one session of key/cipher generation at a time. Thus, an SSH/SCP client will
not be able to log in if the switch is performing key generation at that time, or if another client has logged
in immediately prior. Also, key generation will fail if an SSH/SCP client is logging in at that time.
SSH/SCP integration with RADIUS and TACACS+ authentication
SSH/SCP is integrated with RADIUS and TACACS+ authentication. After the RADIUS or TACACS+ server
is enabled on the switch, all subsequent SSH authentication requests will be redirected to the specified
is enabled on the switch, all subsequent SSH authentication requests will be redirected to the specified
RADIUS or TACACS+ servers for authentication. The redirection is transparent to the SSH clients.
User access control
The switch allows an administrator to define end user accounts that permit end users to perform limited
actions on the switch. Once end user accounts are configured and enabled, the switch requires
actions on the switch. Once end user accounts are configured and enabled, the switch requires
username/password authentication.
For example, an administrator can assign a user who can log into the switch and perform operational
For example, an administrator can assign a user who can log into the switch and perform operational
commands (effective only until the next switch reboot).
The administrator defines access levels for each switch user, as shown in the following table.
The administrator defines access levels for each switch user, as shown in the following table.
Table 6
User access levels
User account
Description
Password
Administrator
The Administrator has complete access to all menus, information, and
configuration commands on the switch, including the ability to change both
configuration commands on the switch, including the ability to change both
the user and administrator passwords.
admin
Operator
The Operator manages all functions of the switch. The Operator can reset
ports or the entire switch.
ports or the entire switch.
oper
User
The User has no direct responsibility for switch management.
Users can view all switch status information and statistics but cannot make
any configuration changes to the switch.
Users can view all switch status information and statistics but cannot make
any configuration changes to the switch.
user
Passwords can be up to 128 characters in length for TACACS+, Telnet, SSH, console, and BBI access.
When RADIUS authentication is used, the maximum password length is 32 characters.
If RADIUS authentication is used, the user password on the Radius server will override the user password
on the switch. Also note that the password-change command on the switch modifies only the
If RADIUS authentication is used, the user password on the Radius server will override the user password
on the switch. Also note that the password-change command on the switch modifies only the
use
switch
password and has no effect on the user password on the Radius server. RADIUS authentication
and user password cannot be used concurrently to access the switch.