HP FlexFabric 11000 Switch Products : R21xx-HP FlexFabric 11900 Security Configuration Guide : Page 4

ii

Enabling password control ··········································································································································· 60

Setting global password control parameters ·············································································································· 61

Setting user group password control parameters ······································································································· 62

Setting local user password control parameters ········································································································· 62

Setting super password control parameters ················································································································ 63

Displaying and maintaining password control ··········································································································· 64

Password control configuration example ···················································································································· 64

Managing public keys ··············································································································································· 67

Overview ········································································································································································· 67

FIPS compliance ····························································································································································· 67

Creating a local key pair ·············································································································································· 67

Configuration guidelines ······································································································································ 67

Configuration procedure ······································································································································ 68

Distributing a local host public key ······························································································································ 69

Exporting a host public key in a specific format to a file ·················································································· 69

Displaying a host public key in a specific format and saving it to a file ························································ 69

Displaying a host public key ································································································································ 70

Destroying a local key pair ··········································································································································· 70

Configuring a peer public key ······································································································································ 71

Importing a peer host public key from a public key file ···················································································· 71

Entering a peer public key ··································································································································· 71

Displaying and maintaining public keys ····················································································································· 72

Example for entering a peer public key ······················································································································ 72

Network requirements ··········································································································································· 72

Configuration procedure ······································································································································ 72

Verifying the configuration ··································································································································· 73

Example for importing a public key from a public key file ······················································································· 74

Network requirements ··········································································································································· 74

Configuration procedure ······································································································································ 74

Verifying the configuration ··································································································································· 76

Configuring SSH ························································································································································ 77

Overview ········································································································································································· 77

How SSH works ····················································································································································· 77

SSH authentication methods ································································································································· 78

FIPS compliance ····························································································································································· 79

Configuring the device as an SSH server ···················································································································· 79

SSH server configuration task list ························································································································ 79

Generating local DSA or RSA key pairs ············································································································· 79

Enabling the SSH server function ························································································································· 80

Enabling the SFTP server function ························································································································ 80

Configuring the user interfaces for SSH clients ·································································································· 81

Configuring a client's host public key ················································································································· 81

Configuring an SSH user ······································································································································ 82

Setting the SSH management parameters ·········································································································· 83

Configuring the device as an Stelnet client ················································································································· 84

Stelnet client configuration task list ······················································································································ 84

Specifying a source IP address or source interface for the Stelnet client ························································ 84

Establishing a connection to an Stelnet server ··································································································· 85

Configuring the device as an SFTP client ···················································································································· 86

SFTP client configuration task list ························································································································· 86

Specifying a source IP address or source interface for the SFTP client ··························································· 87

Establishing a connection to an SFTP server ······································································································ 87

Working with SFTP directories ····························································································································· 88