To Next Page

To Previous Page

4-12

Configuring Secure Shell (SSH)

Configuring the Switch for SSH Operation

For example, to generate and display a new key:

Figure 4-7. Example of Generating a Public/Private Host Key Pair for the Switch

Notes "Zeroizing" the switch’s key automatically disables SSH (sets IP SSH to No).

Thus, if you zeroize the key and then generate a new key, you must also re-

enable SSH with the ip ssh command before the switch can resume SSH

operation.

3. Providing the Switch’s Public Key to Clients

When an SSH client contacts the switch for the first time, the client will

challenge the connection unless you have already copied the key into the

client’s "known host" file. Copying the switch’s key in this way reduces the

chance that an unauthorized device can pose as the switch to learn your access

passwords. The most secure way to acquire the switch’s public key for

distribution to clients is to use a direct, serial connection between the switch

and a management device (laptop, PC, or UNIX workstation), as described

below.

Note on the

Public Key

Format

The switch uses SSH version 1, but can be authenticated by SSH version 2

clients that are backwards-compatible to SSHv1. However, if your SSH client

supports SSHv2, then it may use the PEM format for storing the switch’s public

key in its "known host" file. In this case, the following procedure will not work

for the client unless you have a method for converting the switch’s ASCII-

string public key into the PEM format. If you do not have a conversion method,

then you can still set up authentication of the switch to the client over the

network by simply using your client to contact the switch and then accepting

the resulting challenge that your client should pose to accepting the switch.

This should be acceptable as long as you are confident that there is no "man-

in-the-middle" spoofing attempt during the first contact. Because the client

will acquire the switch’s public key after you accept the challenge, subsequent

contacts between the client and the switch should be secure.

Host Public

Key for the

Switch

!FishSecurity.book Page 12 Thursday, October 10, 2002 9:19 PM

Questions and Answers:

Need help?

Do you have a question about the HP ProCurve Switch 2650 and is the answer not in the manual?

HP ProCurve Switch 2650 Specifications

General

Switching Capacity	13.6 Gbps
Forwarding Rate	10.1 Mpps
Layer	Layer 2
Form Factor	Rack-mountable
Flash Memory	8 MB
Jumbo Frame Support	Yes
Power Supply	Internal
Management	Web, CLI, SNMP
Features	VLAN support, IGMP snooping, QoS
Operating Temperature	0°C to 45°C (32°F to 113°F)
Operating Humidity	15% to 95% (non-condensing)
Ports	48 x 10/100
MAC Address Table Size	8, 000 entries