HP A 5120 Manual
Page 221
Task | Remarks
Generating a DSA or RSA key pair | Required
Enabling the SSH server function | Required
Configuring the user interfaces for SSH clients | Required
Configuring a client public key | Required for publickey authentication users and optional for password authentication users
Configuring an SSH user | Optional
Setting the SSH management parameters | Optional

Generating a DSA or RSA key pair
In the key and algorithm negotiation stage, the DSA or RSA key pair is required to generate...
Page 222
To do: Enable the SSH server function
Use the command: ssh server enable
Remarks: Required. Disabled by default.

Configuring the user interfaces for SSH clients
An SSH client accesses the device through a VTY user interface. You must configure the user interfaces for SSH clients to allow SSH login. The configuration takes effect only for clients logging in after the configuration.
Follow these steps to configure the protocols for the current user interface to support:
To do…...
Page 223
importing the public key, you must upload the public key file (in binary) to the local host through FTP or TFTP.

CAUTION:
HP recommends that you configure a client public key by importing it from a public key file.
You can configure up to 20 client public keys on an SSH server.

Configuring a client public key manually
Follow these steps to configure the client public key manually:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enter public key view
Use the command: public-key peer...
Page 224
Follow these steps to configure an SSH user and specify the service type and authentication mode:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Create an SSH user, and specify the service type and authentication mode
Remarks: Required. Use either command.
Use the command (for Stelnet users): ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign publickey keyname }
Use the command (for all users or SFTP users): ssh user username service-type {...
Page 225
To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enable the SSH server to support SSH1 clients
Use the command: ssh server compatible-ssh1x enable
Remarks: Optional. By default, the SSH server supports SSH1 clients.

To do: Set the RSA server key pair update interval
Use the command: ssh server rekey-interval hours
Remarks: Optional. By default, the interval is 0, and the RSA server key pair is not updated.

To do: Set the SSH user authentication timeout period
Use the command: ssh server authentication-timeout time-out-value
Remarks: Optional. 60 seconds by...
Page 226
To do: Specify a source IPv6 address or interface for the SSH client
Use the command: ssh client ipv6 source { ipv6 ipv6-address | interface interface-type interface-number }
Remarks: client uses the IP address of the interface specified by the route of the device to access the SSH server.

Configuring whether first-time authentication is supported
When the device connects to the SSH server as an SSH client, you can configure whether the device supports first-time...
Page 227
Establishing a connection between the SSH client and server
Follow these steps to establish the connection between the SSH client and the server:

To do: Establish a connection between the SSH client and the server, and specify the public key algorithm, preferred encryption algorithm, preferred HMAC algorithm and preferred key exchange algorithm
Use the command (for an IPv4 server): ssh2 server [ port-number ] [ identity-key { dsa | rsa } | prefer-ctos-cipher { 3des |...
Page 228
NOTE:
For more information about the display public-key local and display public-key peer commands, see the Security Command Reference.

SSH server configuration examples
When switch acts as server for password authentication
Network requirements
As shown in Figure 58, an SSH connection is required between the host and the switch for secure data exchange. Use password authentication and configure a username and password for the host on the switch.
Figure 58 Switch acts...
Page 229
# Enable the SSH server.
[Switch] ssh server enable
# Configure an IP address for VLAN-interface 1. This address will serve as the destination of the SSH connection.
[Switch] interface vlan-interface 1
[Switch-Vlan-interface1] ip address 192.168.1.40 255.255.255.0
[Switch-Vlan-interface1] quit
# Set the authentication mode for the user interfaces to AAA.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
# Enable the user interfaces to support SSH....
Page 230
Figure 59 SSH client configuration interface
Click Open to connect to the server. If the connection is normal, you will be prompted to enter the username and password. After entering the username client001 and password aabbcc, you can enter the configuration interface of the server.

When switch acts as server for publickey authentication
Network requirements
As shown in Figure 60, an SSH connection is required between the host and the switch for secure data...