R21xx-HP FlexFabric 11900 Security Configuration Guide

Password-publickey authentication: The server requires SSH2 clients to pass both password
authentication and publickey authentication. However, an SSH1 client only needs to pass either
authentication, regardless of the requirement of the server.
Any authentication: The server requires clients to pass either password authentication or publickey
authentication.
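The following audit sketch is an added example, not part of the original guide. It flags SSH users for whom a single authentication method is enough under the rules above. The sample configuration is constructed, and the command forms `ssh server compatible-ssh1x enable` and `ssh user ... authentication-type ...` are assumed syntax that does not appear on this page.

```python
import re

# Constructed sample configuration, not taken from the guide. The command
# forms below are assumed syntax; adapt the patterns to your device's output.
SAMPLE_CONFIG = """\
ssh server enable
ssh server compatible-ssh1x enable
ssh user admin service-type stelnet authentication-type password-publickey assign publickey adminkey
ssh user backup service-type sftp authentication-type any assign publickey backupkey
ssh user ops service-type stelnet authentication-type publickey assign publickey opskey
ssh user guest service-type stelnet authentication-type password
"""

# Longest alternative first so "password-publickey" is not read as "password".
USER_RE = re.compile(
    r"^\s*ssh user (?P<name>\S+) service-type \S+ "
    r"authentication-type (?P<mode>password-publickey|publickey|password|any)\b"
)
# Anchored at line start so a negated ("undo ...") line does not count.
SSH1_RE = re.compile(r"^\s*ssh server compatible-ssh1x enable\s*$")


def audit(config_text):
    """Return (user, mode, reason) for users a client can log in as by
    passing only one of password or publickey authentication."""
    lines = config_text.splitlines()
    ssh1_enabled = any(SSH1_RE.match(line) for line in lines)
    findings = []
    for line in lines:
        m = USER_RE.match(line)
        if not m:
            continue
        name, mode = m["name"], m["mode"]
        if mode == "password-publickey" and ssh1_enabled:
            # SSH2 clients must pass both, but SSH1 clients need only one.
            findings.append((name, mode, "SSH1 client needs to pass either method only"))
        elif mode == "any":
            findings.append((name, mode, "either method alone is accepted"))
    return findings


if __name__ == "__main__":
    for user, mode, reason in audit(SAMPLE_CONFIG):
        print(f"{user}: authentication-type {mode}: {reason}")
```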
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see "Configuring FIPS") and non-FIPS mode.
Configuring the device as an SSH server
You can configure the device as an Stelnet, SFTP, or SCP server. Because the configuration procedures
are similar, the SSH server represents the Stelnet, SFTP, or SCP server unless otherwise specified.
SSH server configuration task list
| Tasks at a glance | Remarks |
|---|---|
| (Required.) Generating local DSA or RSA key pairs | N/A |
| (Required.) Enabling the SSH server function | Required for Stelnet, SFTP, and SCP servers. |
| (Required.) Enabling the SFTP server function | Required for SFTP server. |
| (Required.) Configuring the user interfaces for SSH clients | N/A |
| (Required.) Configuring a client's host public key | Required for users that use publickey authentication, whether together with password authentication or not. |
| (Required/optional.) Configuring an SSH user | Required for users that use publickey authentication, whether together with password authentication or not. Optional for users that use only password authentication. |
| (Optional.) Setting the SSH management parameters | N/A |
Generating local DSA or RSA key pairs
The DSA or RSA key pairs are required for generating the session key and session ID in the key exchange
stage, and can also be used by a client to authenticate the server. When a client tries to authenticate the
server, it compares the public key that it receives from the server with the server public key that it saved
locally. If the keys are consistent, the client uses the public key to authenticate the digital signature that
it receives from the server. If the digital signatures are consistent, the authentication succeeds.
To support SSH clients that use different types of key pairs, generate both DSA and RSA key pairs on the
SSH server.