HP (Hewlett-Packard) 2650 (J4899A/B) User's Manual
6-2
Configuring Secure Shell (SSH)
Overview
The ProCurve switches covered in this guide use Secure Shell version 1 or 2
(SSHv1 or SSHv2) to provide remote access to management functions on the
switches via encrypted paths between the switch and management station
clients capable of SSH operation.
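An added example, not taken from the HP manual: because these switches accept SSHv1 or SSHv2, a management station can check which protocol versions an SSH server advertises by classifying its identification line (RFC 4253). The greetings and `192.0.2.x` addresses below are constructed, and `classify_banner`, `read_banner` and `accepts_sshv1` are hypothetical helper names.

```python
import re
import socket

# RFC 4253 section 4.2 identification line: SSH-<protoversion>-<softwareversion>
_IDENT = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")


def classify_banner(raw: bytes) -> str:
    """Classify a server greeting as v2-only, v1+v2, v1-only, unknown or not-ssh."""
    for line in raw.decode("ascii", "replace").splitlines():
        m = _IDENT.match(line)  # a server may send other text lines first
        if not m:
            continue
        proto = m.group(1)
        if proto == "2.0":
            return "v2-only"
        if proto == "1.99":  # RFC 4253 section 5.1: v2 server that also takes v1 clients
            return "v1+v2"
        if proto.startswith("1."):
            return "v1-only"
        return "unknown"
    return "not-ssh"


def read_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Fetch the greeting from a device you administer (not used by the sample run)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(256)


def accepts_sshv1(banners: dict) -> list:
    """Return the hosts whose greeting shows they still accept SSHv1 clients."""
    return sorted(h for h, b in banners.items()
                  if classify_banner(b) in ("v1+v2", "v1-only"))


# Constructed greetings for illustration; not captured from real devices.
SAMPLE = {
    "192.0.2.10": b"SSH-2.0-ExampleServer_1.0\r\n",
    "192.0.2.11": b"SSH-1.99-ExampleServer_1.0\r\n",
    "192.0.2.12": b"SSH-1.5-ExampleServer_0.9\r\n",
    "192.0.2.13": b"login: ",
}

if __name__ == "__main__":
    for host, greeting in SAMPLE.items():
        print(host, classify_banner(greeting))
```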
SSH provides Telnet-like functions but, unlike Telnet, SSH provides encrypted,
authenticated transactions. The authentication types include:
■ Client public-key authentication
■ Switch SSH and user password authentication
Client Public Key Authentication (Login/Operator Level) with User
Password Authentication (Enable/Manager Level). This option uses
one or more public keys (from clients) that must be stored on the switch. Only
a client with a private key that matches a stored public key can gain access
to the switch. (The same private key can be stored on one or more clients.)
Figure 6-1. Client Public Key Authentication Model
Feature                                             Default   Menu  CLI        Web
Generating a public/private key pair on the switch  No        n/a   page 6-10  n/a
Using the switch’s public key                       n/a       n/a   page 6-12  n/a
Enabling SSH                                        Disabled  n/a   page 6-15  n/a
Enabling client public-key authentication           Disabled  n/a              n/a
Enabling user authentication                        Disabled  n/a   page 6-18  n/a
[Figure 6-1 diagram: ProCurve Switch (SSH Server) and SSH Client Workstation]
1. Switch-to-Client SSH authentication.
2. Client-to-Switch (login rsa) authentication
3. User-to-Switch (enable password) authentication options:
   – Local
   – TACACS+
   – RADIUS
   – None