HP procurve 2500 사용자 설명서
96
Enhancements in Release F.04.08
Configuring Secure Shell (SSH)
b.
Uses MD5 to create a hash version of this information.
c.
Returns the hash version to the switch.
7.
The switch computes its own hash version of the data in step 6 and compares it to the client’s
hash version. If they match, then the client is authenticated. Otherwise, the client is denied
access.
hash version. If they match, then the client is authenticated. Otherwise, the client is denied
access.
Using client public-key authentication requires these steps:
1.
Generate a public/private key pair for each client you want to have SSH access to the switch.
This can be a separate key for each client or the same key copied to several clients.
This can be a separate key for each client or the same key copied to several clients.
2.
Copy the public key for each client into a client-public-key text file. (For the SSHv1 application
used in the switch, this must be in the ASCII format (without PEM or any other encoding). If
you are using an SSHv2 client application that creates its public key in a PEM-encoded ASCII
string, you will need to convert the client’s public key to a non-encoded version. Refer to the
documentation provided with the application.)
used in the switch, this must be in the ASCII format (without PEM or any other encoding). If
you are using an SSHv2 client application that creates its public key in a PEM-encoded ASCII
string, you will need to convert the client’s public key to a non-encoded version. Refer to the
documentation provided with the application.)
3.
Use
copy tftp to copy the client-public-key file into the switch. Note that the switch can hold only
one of these files. If there is already a client-public-key file in the switch and you copy another
one into the switch, the second file replaces the first file.
one into the switch, the second file replaces the first file.
4.
Use the
aaa authentication ssh command to enable client public-key authentication.
To Create a Client-Public-Key Text File.
These steps describe how to copy client-public-keys
into the switch for RSA challenge-response authentication, and require an understanding of how to
use your SSH client application.
use your SSH client application.
Figure 39. Example of a Client Public Key
N o t e s
Comments in public key files, such as smith@support.cairns.com in figure 39, may appear in
a SSH client application’s generated public key. While such comments may help to distinguish one
key from another, they do not pose any restriction on the use of a key by multiple clients and/or users.
a SSH client application’s generated public key. While such comments may help to distinguish one
key from another, they do not pose any restriction on the use of a key by multiple clients and/or users.
Public key illustrations such as the key shown in figure 39 usually include line breaks as a method
for showing the whole key. However, in practice, line breaks in a public key will cause errors resulting
in authentication failure.
for showing the whole key. However, in practice, line breaks in a public key will cause errors resulting
in authentication failure.
Bit Size
Public Index
Modulus
Comment