Access Security Guide K/KA/KB.15.15

[ listen <oobm | data | both> ]
The listen parameter is available only on switches that have a separate
out-of-band management port. Values for this parameter are:
oobm — inbound SSH access is enabled only on the out-of-band management
port.
data — inbound SSH access is enabled only on the data ports.
both — inbound SSH access is enabled on both the out-of-band management
port and on the data ports. This is the default value.
See "Network Out-of-Band Management" in the Management and Configuration
Guide for more information on out-of-band management.
The listen parameter is not available on switches that do not have a separate
out-of-band management port.
NOTE: HP recommends using the default TCP port number (22). However, you
can use ip ssh port to specify any TCP port for SSH connections except those
reserved for other purposes. Examples of reserved TCP ports are 23 (Telnet) and
80 (HTTP). Some other reserved TCP ports on the switch are 49, 80, 1506, and
1513.
Figure 168 Enabling IP SSH and displaying the SSH configuration
CAUTION: Protect your private key file from access by anyone other than yourself. If
someone can access your private key file, they can penetrate SSH security on the switch
by appearing to be you.
SSH does not protect the switch from unauthorized access via the WebAgent, Telnet,
SNMP, or the serial port. WebAgent and Telnet access can be restricted by passwords
local to the switch, but if you are unsure of the security this provides, you may want
to disable web-based and/or Telnet access (no web-management and no telnet). If you
need to increase SNMP security, use SNMP version 3 only. To increase the security of
the web interface, see the section on SSL.
For an additional security measure, see the authorized IP managers feature in the
Management and Configuration Guide for your switch. To protect against unauthorized
access to the serial port (and the Clear button, which removes local password protection),
keep physical access to the switch restricted to authorized personnel.
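The following configuration fragment is an added example, not taken from the guide or from an HP switch, that puts the commands discussed above together: it binds inbound SSH to the out-of-band management port, keeps the recommended default TCP port 22 (the non-default alternative is shown commented out), and closes the WebAgent, Telnet and SNMP v1/v2c paths that SSH alone does not cover. The commands ip ssh, ip ssh port, ip ssh listen, no web-management, and no telnet are the ones named on this page; crypto key generate ssh, show ip ssh, no telnet-server, and snmpv3 only are assumed here from the switch CLI and should be checked against the command reference for your firmware.

```text
; Added example (assumed command forms); not from the HP guide.
; A host key must exist before ip ssh can be enabled.
crypto key generate ssh

; Enable the SSH server on the recommended default TCP port (22).
ip ssh
; Non-default port: must avoid ports reserved on the switch (23, 80, 49, 1506, 1513).
; ip ssh port 2222

; On switches with a separate OOBM port, accept SSH only there (default is both).
ip ssh listen oobm

; SSH does not cover the other management paths; close what you do not use.
no web-management
no telnet-server
; Allow SNMP version 3 only (disables v1/v2c access).
snmpv3 only

; Verify the resulting SSH settings.
show ip ssh
```

Review the output of show ip ssh to confirm the port and listen mode before closing the Telnet and web sessions you are currently using, so that a mistyped listen value does not lock you out of the data-port side. Physical access to the serial port and the Clear button is not addressed by any of these commands and still needs the restriction described above.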
Configuring 235