Access Security Guide K/KA/KB.15.15

to the switch. Some SSH client applications automatically add the switch public key to a
"known hosts" file. Other SSH applications require you to manually create a known hosts file
and place the switch public key in the file. See the documentation for your SSH client
application for more details.
Note: The session key pair mentioned above is not visible on the switch. It is a temporary,
internally generated pair used for a particular switch/client session, and then discarded.
NOTE: When generating a host key pair on the switch, the switch places the key pair in
flash memory and not in the running-config file. Also, the switch maintains the key pair across
reboots, including power cycles. Consider this key pair to be "permanent" and avoid
re-generating the key pair without a compelling reason. A new pair no longer matches the
switch public key your SSH clients have stored, so you must re-introduce the switch public
key on all management stations you have set up for SSH access to the switch using the
earlier pair; until you do, clients that keep a known hosts file will warn about, or refuse,
the changed host key.
Removing (zeroing) the switch public/private key pair renders the switch unable to engage
in SSH operation and automatically disables IP SSH on the switch. To verify whether SSH is
enabled, execute show ip ssh. However, any active SSH sessions will continue to run,
unless explicitly terminated with the CLI kill command.
To generate or erase the switch public/private host key pair
Because the host key pair is stored in flash instead of the running-config file, it is not necessary
to use write memory to save the key pair. Erasing the key pair automatically disables SSH.
Syntax:
crypto key generate <autorun-key [ rsa ] | cert [ rsa ] <keysize> | ssh [ dsa | rsa ] bits <keysize>>
Installs authentication files for ssh or https server, or for autorun.
autorun-key
Install RSA key for autorun. See "Configuring Autorun on the Switch" in the
Management and Configuration Guide for more information.
cert
Install RSA key for https certificate.
Use your SSL enabled browser to access the switch using the switch IP address or
DNS name (if allowed by your browser). See the documentation provided with the
browser application for more information.
ssh [ dsa | rsa ]
Install host key for ssh server. Specify the key type as DSA or RSA.
bits <keysize>
Specify the key size (in bits).
zeroize <ssh | cert | autorun [ rsa ]>
Erases the selected switch public/private key pair; zeroizing the ssh key pair disables SSH operation.
show crypto host-public-key
Displays switch public key. Displays the version 1 and version 2 views of the key.
See “SSH client public-key authentication” (page 29) for information about public
keys saved in a configuration file.
[babble]
Displays hashes of the switch public key in phonetic format, see "Displaying the
Public Key" (page 232).
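The host-key handling described on this page (the client's known hosts file, the need to re-introduce the switch public key on every management station after the pair is regenerated, and the babble form of show crypto host-public-key) as an added Python example that is not part of this guide or of the switch software. It computes the three fingerprint forms of an OpenSSH-format key blob and checks a known_hosts file for a pinned entry, so a management station can verify a switch key against the fingerprint read off the console, or detect that the key changed after crypto key zeroize ssh and crypto key generate ssh were run. The switch address 10.0.0.1, the host name switch1, the salt and the tiny ssh-rsa key are constructed for the example; the Bubble Babble encoding follows Huima's specification applied to a SHA-1 digest of the key blob, which is what OpenSSH's ssh-keygen -B prints, and whether the switch's babble output uses the same digest is an assumption to confirm against a real switch.

```python
"""Fingerprint a switch SSH host key and check it against a known_hosts file.

Added example, not code from the Access Security Guide. The key below is a
constructed ssh-rsa blob (a 64-bit modulus, useless as a real key) so the
fingerprinting code has input; real switch keys come from
`show crypto host-public-key` or an `ssh-keyscan` of the switch.
"""
import base64
import hashlib
import hmac
import struct

VOWELS = "aeiouy"
CONSONANTS = "bcdfghklmnprstvzx"


def bubble_babble(data: bytes) -> str:
    """Bubble Babble (Huima) encoding: the phonetic format behind the
    switch's 'babble' option and OpenSSH's `ssh-keygen -B`."""
    seed = 1
    out = ["x"]
    full = len(data) // 2
    for i in range(full + 1):
        if i < full or len(data) % 2 == 1:
            b1 = data[2 * i]
            out.append(VOWELS[(((b1 >> 6) & 3) + seed) % 6])
            out.append(CONSONANTS[(b1 >> 2) & 15])
            out.append(VOWELS[((b1 & 3) + (seed // 6)) % 6])
            if i < full:                      # a complete 2-byte tuple
                b2 = data[2 * i + 1]
                out.append(CONSONANTS[(b2 >> 4) & 15])
                out.append("-")
                out.append(CONSONANTS[b2 & 15])
                seed = (seed * 5 + b1 * 7 + b2) % 36
        else:                                 # even length: seed-only tail
            out.append(VOWELS[seed % 6])
            out.append(CONSONANTS[16])        # 'x'
            out.append(VOWELS[seed // 6])
    out.append("x")
    return "".join(out)


def fingerprints(key_b64: str) -> dict:
    """MD5 colon-hex (legacy `ssh-keygen -l -E md5`), SHA256 base64 (modern
    default) and Bubble Babble over SHA-1 (`ssh-keygen -B`) of a key blob."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha256,
        "babble": bubble_babble(hashlib.sha1(blob).digest()),
    }


def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _mpint(n: int) -> bytes:
    # Minimal big-endian bytes, with a leading 0x00 when the high bit is set.
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


# Constructed sample "switch" key (e=65537, 64-bit modulus); never use such a key.
SAMPLE_KEY_TYPE = "ssh-rsa"
SAMPLE_KEY_B64 = base64.b64encode(
    _ssh_string(b"ssh-rsa") + _mpint(65537) + _mpint(0xC3A5F1E7D9B2A4F1)
).decode()


def hashed_host(host: str, salt: bytes) -> str:
    """OpenSSH HashKnownHosts form: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def _host_matches(field: str, host: str) -> bool:
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|", 3)
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")           # plain "host,alias,..." form


def known_hosts_status(known_hosts: str, host: str, key_type: str, key_b64: str) -> str:
    """'match' if known_hosts pins exactly this key for host, 'mismatch' if it
    pins a different key of the same type (what a client sees after the switch
    pair is regenerated), 'absent' if the host is not listed at all."""
    found = False
    for line in known_hosts.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].startswith("@"):          # @cert-authority / @revoked marker
            parts = parts[1:]
        if len(parts) < 3 or not _host_matches(parts[0], host) or parts[1] != key_type:
            continue
        found = True
        if parts[2] == key_b64:
            return "match"
    return "mismatch" if found else "absent"


if __name__ == "__main__":
    print("switch host key fingerprints:", fingerprints(SAMPLE_KEY_B64))
    # Constructed known_hosts line pinning the sample key under the hashed host form.
    kh = "%s %s %s\n" % (hashed_host("10.0.0.1", b"saltsaltsaltsalt1234"),
                         SAMPLE_KEY_TYPE, SAMPLE_KEY_B64)
    print(known_hosts_status(kh, "10.0.0.1", SAMPLE_KEY_TYPE, SAMPLE_KEY_B64))
```

Read the fingerprint off the switch console (or from show crypto host-public-key babble) before the first SSH connection, compare it with the value fingerprints() gives for the key your client received, and only then let the client write the entry into its known hosts file; a "mismatch" result afterwards is the expected consequence of re-running crypto key generate ssh, and the stale entry must be replaced on every management station.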