Manualshelf

Access Security Guide K/KA/KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch
31323334353637383940
authenticator (port-access) security credentials, and SSH client public keys in the
running configuration. (Earlier software releases store these security configuration
settings only in internal flash memory and do not allow you to include and view
them in the running-config file.)
To view the currently configured security settings in the running configuration, enter
one of the following commands:
show running-config: Displays the configuration settings in the current
running-config file.
write terminal: Displays the configuration settings in the current
running-config file.
See “Switch Memory and Configuration” in the Basic Operation Guide.
To view the current status of include-credentials on the switch, enter show
include-credentials. See “Displaying the status of include-credentials
on the switch” (page 32).
The [no] form of the command disables only the display and copying of these
security parameters from the running configuration, while the security settings remain
active in the running configuration.
Default: The security credentials described in “Security settings that can be saved”
(page 46) are not stored in the running configuration.
radius-tacacs-only
When executed with the radius-tacacs-only option, only the RADIUS and
TACACS security keys are included in the configuration when saving files
remotely.
The radius-tacacs-only option can be disabled with either command
[no]include-credentials
[no]include-credentials radius-tacacs-only
store-in-config:
Stores passwords and SSH authorized keys in the configuration files. This
happens automatically when include-credentials is enabled.
[no]include-credentials store-in-config
The [no]include-credentials store-in-config command disables
includecredentials and removes credentials stored in the configuration
files. The switch reverts to storing only a single set of passwords and SSH keys,
regardless of which configuration file is booted.
Setting an encrypted password
Use this command to set an encrypted password.
Syntax:
[no]encrypted-password <manager| operator| port-access>
[user-name user-name]encrypted-password-string
Set a local password using an encrypted password string.
encrypted-password-string
Creates a password as a base64–encoded aes256–encrypted string.
Setting an encrypted password 35