Access Security Guide K/KA/KB.15.15

RADIUS shared-secret key authentication
You can use RADIUS servers as the primary authentication method for users who request access
to a switch through Telnet, SSH, console, or port access (802.1X). The shared secret key is a text
string used to encrypt data in RADIUS packets transmitted between a switch and a RADIUS server
during authentication sessions. Both the switch and the server have a copy of the key; the key is
never transmitted across the network.
RADIUS shared secret (encryption) keys can be saved in a configuration file by entering this
command:
HP Switch(config)# radius-server key <keystring>
The option <keystring> is the encryption key (in clear text) used for secure communication with
all or a specific RADIUS server.
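The following added example (not taken from the HP guide) shows how a shared secret protects RADIUS data without being sent: in RFC 2865 the secret is mixed into MD5 computations that hide the User-Password attribute and authenticate the server's reply. The function names, the secret, the password and the fixed Request Authenticator are constructed for illustration.

```python
import hashlib
import struct

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Client side (the switch): RFC 2865 section 5.2 User-Password hiding."""
    if len(request_auth) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-octet authenticator and a 1..128 octet password")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16-octet blocks
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()        # keyed by the shared secret
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev                                       # next mask chains on this block
    return out

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: rebuild the same masks from its own copy of the secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def response_authenticator(code: int, ident: int, request_auth: bytes,
                           attrs: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

if __name__ == "__main__":
    # Constructed sample values; a real Request Authenticator is 16 random octets.
    secret = b"constructed-shared-secret"
    req_auth = bytes(range(16))
    hidden = hide_password(b"constructed-password", secret, req_auth)
    print("on the wire:", hidden.hex())
    print("server with matching key:", reveal_password(hidden, secret, req_auth))
    print("server with wrong key:  ", reveal_password(hidden, b"wrong-key", req_auth))
    # The switch recomputes this value to check that an Access-Accept (code 2)
    # came from a server holding the same key.
    print("reply check:", response_authenticator(2, 1, req_auth, b"", secret).hex())
```

Only the secret keys these MD5 masks, so the protection is no stronger than the keystring itself; a long, random keystring is the practical control.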
SSH client public-key authentication
Secure Shell version 2 (SSHv2) is used by HP switches to provide remote access to SSH-enabled
management stations. Although SSH provides Telnet-like functions, unlike Telnet, SSH provides
encrypted, two-way authenticated transactions. SSH client public-key authentication is one of the
types of authentication used.
Client public-key authentication uses one or more public keys (from clients) that must be stored on
the switch. Only a client with a private key that matches a public key stored on the switch can gain
access at the manager or operator level. For more information about how to configure and use
SSH public keys to authenticate SSH clients that try to connect to the switch, see “Secure Shell
(SSH)” (page 227).
The SSH security credential stored in the running configuration file is configured with the
ip ssh public-key command, which is used to authenticate SSH clients for manager or operator
access. It is stored along with the hashed content of each SSH client public key.
Syntax
ip ssh public-key <manager|operator> keystring
Set a key for public-key authentication.
manager
Allows manager-level access using SSH public-key authentication.
operator
Allows operator-level access using SSH public-key authentication.
keystring
A legal SSHv2 (RSA or DSA) public key. The text string for the public key must
be a single quoted token. If the keystring contains double-quotes, it can be