To Next Page

To Previous Page

4-17

Configuring Secure Shell (SSH)

Configuring the Switch for SSH Operation

Note on Port

Number

The ip ssh key-size command affects only a per-session, internal server key the

switch creates, uses, and discards. This key is not accessible from the user

interface. The switch’s public (host) key is a separate, accessible key that is

always 896 bits.

HP recommends using the default IP port number (22). However, you can use

ip ssh port to specify any TCP port for SSH connections except those reserved

for other purposes. Examples of reserved IP ports are 23 (Telnet) and 80 (http).

Some other commonly reserved IP ports are 49, 80, 1506, and 1513.

Figure 4-12. Example of Enabling IP SSH and Listing the SSH Configuration and Status

Caution Protect your private key file from access by anyone other than yourself. If

someone can access your private key file, they can then penetrate SSH security

on the switch by appearing to be you.

SSH does not protect the switch from unauthorized access via the web

interface, Telnet, SNMP, or the serial port. While web and Telnet access can

be restricted by the use of passwords local to the switch, if you are unsure of

the security this provides, you may want to disable web-based and/or Telnet

access (no web-management and no telnet). If you need to increase SNMP

security, use the snmp security command. Another security measure is to use

the Authorized IP Managers feature described in the switch’s Management

and Configuration Guide. To protect against unauthorized access to the

serial port (and the Clear button, which removes local password protection),

keep physical access to the switch restricted to authorized personnel.

The switch uses these three settings internally for

transactions with clients. See the Note, below.

Enables SSH on the switch.

Lists the current SSH

configuration and status.

With SSH running, the switch allows one console

session and up to three other sessions (SSH and/or

Telnet). Web browser sessions are also allowed, but

does not appear in the show ip ssh listing.

!FishSecurity.book Page 17 Thursday, October 10, 2002 9:19 PM

Questions and Answers:

Need help?

Do you have a question about the HP ProCurve Switch 2650 and is the answer not in the manual?

HP ProCurve Switch 2650 Specifications

General

Switching Capacity	13.6 Gbps
Forwarding Rate	10.1 Mpps
Layer	Layer 2
Form Factor	Rack-mountable
Flash Memory	8 MB
Jumbo Frame Support	Yes
Power Supply	Internal
Management	Web, CLI, SNMP
Features	VLAN support, IGMP snooping, QoS
Operating Temperature	0°C to 45°C (32°F to 113°F)
Operating Humidity	15% to 95% (non-condensing)
Ports	48 x 10/100
MAC Address Table Size	8, 000 entries