HP procurve 2500 사용자 설명서

    82

Configuring Secure Shell (SSH)

The general steps for configuring SSH include:

A. Client Preparation

1.

Install an SSH client application on a management station you want to use for access to the 
switch. (Refer to the documentation provided with your SSH client application.)

2.

Optional—If you want the switch to authenticate a client public-key on the client:

a.Either generate a public/private key pair on the client computer or (if your client 

application allows) or import a client key pair that you have generated using another 
SSH application.

b.Copy the client public key into an ASCII file on a TFTP server accessible to the switch 

and download the client public key file to the switch . (The client public key file can hold 
up to 10 client keys.) This topic is covered under “To Create a Client-Public-Key Text 
File” on page 96.

B. Switch Preparation

1.

2.

You need to do this only once. The key remains in the switch even if you reset the switch to 
its factory-default configuration. (You can remove or replace this key pair, if necessary.)

3.

Copy the switch’s public key to the SSH clients you want to access the switch (page 87).

4.

5.

Configure the primary and secondary authentication methods you want the switch to use. 
In all cases, the switch will use its host-public-key to authenticate itself when initiating an 
SSH session with a client.

•SSH Login (Operator) options:

–Option A:

Primary: Local, TACACS+, or RADIUS password
Secondary: Local password or none

–Option B:

Primary: Client public-key authentication (

login rsa — page 95)

Secondary: Local password or none

Note that if you want the switch to perform client public-key authentication, you must 
configure the switch with Option B.

•SSH Enable (Manager) options:

Primary: Local, TACACS+, or RADIUS
Secondary: Local password or none