Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
Note on Port
Num b er
ProCurve recommends using the default TCP port number (22). However, you
can use ip ssh port to specify any TCP port for SSH connections except those
reserved for other purposes. Examples of reserved IP ports are 23 (Telnet)
and 80 (http). Some other reserved TCP ports on the switch are 49, 80, 1506,
and 1513.
ProCurve(config) ip ssh
Enable SSH
ProCurve(config)# show ip ssh
SSH Enabled : Yes Secure Copy Enabled : No
TCP Port Number : 22 Timeout (sec) : 120
IP Version : IPv4orIPv6
Host Key Type : RSA Host Key Size : 1024
Ciphers : aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,
rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
MACs : hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
Ses Type | Source IP Port
--- -------- + ---------------------------------------------- ----
-
1 console |
2 telnet |
With SSH running, the switch allows one console
3 ssh | 12.255.255.255
session and up to five other sessions (SSH and/or
4 inactive |
Telnet). Web browser sessions are also allowed, but
5 inactive |
do not appear in the show ip ssh listing.
Figure 7-10. Example of Enabling IP SSH and Displaying the SSH Configuration
Caution Protect your private key file from access by anyone other than yourself. If
someone can access your private key file, they can then penetrate SSH security
on the switch by appearing to be you.
SSH does not protect the switch from unauthorized access via the web
interface, Telnet, SNMP, or the serial port. While web and Telnet access can
be restricted by the use of passwords local to the switch, if you are unsure of
the security this provides, you may want to disable web-based and/or Telnet
access (no web-management and no telnet). If you need to increase SNMP
security, you should use SNMP version 3 only. If you need to increase the
security of your web interface see the section on SSL. Another security
measure is to use the Authorized IP Managers feature described in the switch’s
Management and Configuration Guide. To protect against unauthorized
7-19
To Next Page
Loading...
Need help?
General