HP procurve 2500 User Manual

Enhancements in Release F.04.08
Configuring Secure Shell (SSH)
5. Configuring the Switch for SSH Authentication
Note that all methods in this section result in authentication of the switch’s public key by an SSH 
client. However, only Option B, below, results in the switch also authenticating the client’s public key. 
Also, for a more detailed discussion of the topics in this section, refer to “Further Information on 
SSH Client Public-Key Authentication” on page -95.
Note
Hewlett-Packard recommends that you always assign a Manager-Level (enable) password to the 
switch. Without this level of protection, any user with Telnet, Web, or serial port access to the switch 
can change the switch’s configuration. Also, if you configure only an Operator password, entering 
the Operator password through Telnet, Web, or serial port access enables full manager privileges.
Option A: Configuring SSH Access for Password-Only SSH Authentication. 
When configured with this option, the switch uses its public key to authenticate itself to a client, but uses only 
passwords for client authentication.
Syntax:
aaa authentication ssh login < local | tacacs | radius > [< local | none >]
    Configures a password method for the primary and secondary login
    (Operator) access. If you do not specify an optional secondary
    method, it defaults to none.
aaa authentication ssh enable < local | tacacs | radius > [< local | none >]
    Configures a password method for the primary and secondary enable
    (Manager) access. If you do not specify an optional secondary
    method, it defaults to none.
Option B: Configuring the Switch for Client Public-Key SSH Authentication. 
If configured with this option, the switch uses its public key to authenticate itself to a client, but the client must 
also provide a client public-key for the switch to authenticate. This option requires the additional 
step of copying a client public-key file from a TFTP server into the switch. This means that before 
you can use this option, you must:
1. Create a key pair on an SSH client.
2. Copy the client’s public key into a public-key file (which can contain up to ten client public-keys).
3. Copy the public-key file into a TFTP server accessible to the switch and download the file to 
   the switch.
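
An added example for steps 2 and 3 (not from the HP manual): a shell function that merges client public-key files into the single file staged on the TFTP server, refuses anything that looks like a private key, and enforces the ten-key limit. The one-key-per-line layout, the `build_pubkey_file` name and the file names are assumptions; the key encoding the switch expects is not stated on this page, so key contents are not parsed.

```shell
#!/bin/sh
# Added example, not from the HP manual.
# Assumption: one public key per line; blank and '#' lines are ignored.
# Key contents are not parsed (the page does not state the encoding).
MAX_KEYS=10   # the manual allows up to ten client public keys per file

# build_pubkey_file OUT IN...   (hypothetical helper)
# Prints the key count and returns 0 on success; returns 1 if an input holds
# private-key material, 2 if over MAX_KEYS, 3 if unreadable or empty.
build_pubkey_file() {
    out=$1; shift
    tmp=$(mktemp) || return 3
    for f in "$@"; do
        if [ ! -r "$f" ]; then rm -f "$tmp"; return 3; fi
        # TFTP has no authentication or encryption: never stage a private key.
        if grep -qiE 'private[ -](key|lines)' "$f"; then
            echo "refusing $f: looks like a private key" >&2
            rm -f "$tmp"; return 1
        fi
        # Strip CRs (Windows clients), drop blank and comment lines.
        tr -d '\r' < "$f" | grep -v -e '^[[:space:]]*$' -e '^#' >> "$tmp" || true
    done
    # Remove exact duplicates, preserving order.
    awk '!seen[$0]++' "$tmp" > "$tmp.u" && mv "$tmp.u" "$tmp"
    n=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$n" -eq 0 ]; then rm -f "$tmp"; return 3; fi
    if [ "$n" -gt "$MAX_KEYS" ]; then
        echo "refusing: $n keys exceeds the limit of $MAX_KEYS" >&2
        rm -f "$tmp"; return 2
    fi
    mv "$tmp" "$out" && chmod 644 "$out"
    echo "$n"
}
```

Call it as `build_pubkey_file clients.pub alice.pub bob.pub` and place only the resulting file in the TFTP directory.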