Access Security Guide K/KA/KB.15.15

5. Configure the primary and secondary authentication methods for the switch to use. In all cases,
the switch will use its host public key to authenticate itself when initiating an SSH session with
a client.
   SSH Login (operator) options:
     Option A:
       Primary: Local, TACACS+, or RADIUS password
       Secondary: Local password or none.
       If the primary option is local, the secondary option must be none.
     Option B:
       Primary: Client public-key authentication (“SSH client public-key authentication notes” (page 243))
       Secondary: none
       Note: If you want the switch to perform client public-key authentication, you must
       configure the switch with Option B.
   SSH Enable (manager) options:
     Primary: Local, TACACS+, or RADIUS
     Secondary: Local password or none. If the primary option is local, the secondary
     option must be none.
6. Use your SSH client to access the switch using the switch IP address or DNS name (if allowed
by your SSH client application). See the documentation provided with the client application.
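The primary/secondary rules in step 5 can be checked against a saved configuration before it is applied. The following is an added example, not HP's code: it assumes the authentication settings appear as lines of the form `aaa authentication ssh <login|enable> <primary> [<secondary>]`, treats an omitted secondary as none, and runs on constructed sample text.

```python
import re

# Assumed config-line syntax (not shown on this page):
#   aaa authentication ssh <login|enable> <primary> [<secondary>]
LINE = re.compile(r"^\s*aaa authentication ssh (login|enable)\s+(\S+)(?:\s+(\S+))?\s*$")
PASSWORD_METHODS = {"local", "tacacs", "radius"}

def check_ssh_auth(config_text):
    """Return (level, message) findings for lines that break the step 5 rules."""
    findings = []
    for raw in config_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an SSH authentication line
        level, primary = m.group(1), m.group(2)
        secondary = m.group(3) or "none"  # assumption: omitted secondary means none
        if primary == "public-key":
            if level == "enable":
                findings.append((level, "public-key is a login (operator) option only"))
            elif secondary != "none":
                findings.append((level, "public-key primary requires secondary none"))
        elif primary not in PASSWORD_METHODS:
            findings.append((level, "unknown primary method " + primary))
        elif secondary not in ("local", "none"):
            findings.append((level, "secondary must be local or none"))
        elif primary == "local" and secondary != "none":
            findings.append((level, "primary local requires secondary none"))
    return findings

# Constructed sample configurations, not taken from a real switch.
GOOD_CONFIG = """\
aaa authentication ssh login public-key none
aaa authentication ssh enable tacacs local
"""
BAD_CONFIG = """\
aaa authentication ssh login local local
aaa authentication ssh enable public-key none
aaa authentication ssh login radius tacacs
"""

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        for level, msg in check_ssh_auth(cfg):
            print(f"{name}: ssh {level}: {msg}")
```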
Configuring the switch for SSH operation
1. Assign a local login (operator) and enable (manager) password.
HP recommends that you always assign at least a manager password to the switch.
Otherwise, under some circumstances, anyone with Telnet, web, or serial port access
could modify the switch configuration.
To configure local passwords
You can configure both the operator and manager password with one command.
Syntax:
password <manager | operator | all>
Figure 162 Example of configuring local passwords
2. Generate the switch public and private key pair.
A public and private host key pair must be generated on the switch. The switch uses this key
pair along with a dynamically generated session key pair to negotiate an encryption method
and session with an SSH client trying to connect to the switch.
The host key pair is stored in the switch flash memory, and only the public key in this pair is
readable. The public key should be added to a "known hosts" file (for example,
$HOME/.ssh/known_hosts on UNIX systems) on the SSH clients which should have access