BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
54 Chapter 1: Accessing the Switch BMD00113, September 2009
Secure Shell and Secure Copy
Secure Shell (SSH) and Secure Copy (SCP) use secure tunnels to encrypt and secure messages
between a remote administrator and the switch. Telnet does not provide this level of security. The
Telnet method of managing a GbE2c does not provide a secure connection.
SSH is a protocol that enables remote administrators to log securely into the GbE2c over a network
to execute management commands.
SCP is typically used to copy files securely from one machine to another. SCP uses SSH for
encryption of data on the network. On a GbE2c, SCP is used to download and upload the switch
configuration via secure channels.
The benefits of using SSH and SCP are listed below:
Identifying the administrator using Name/Password
Authentication of remote administrators
Authorization of remote administrators
Determining the permitted actions and customizing service for individual administrators
Encryption of management messages
Encrypting messages between the remote administrator and switch
Secure copy support
The BLADE OS implementation of SSH supports both versions 1.5 and 2.0 and supports SSH
clients version 1.5 - 2.x. The following SSH clients have been tested:
SSH 1.2.23 and SSH 1.2.27 for Linux (freeware)
SecureCRT 3.0.2 and SecureCRT 3.0.3 for Windows NT (Van Dyke Technologies, Inc.)
F-Secure SSH 1.1 for Windows (Data Fellows)
Putty SSH
Cygwin OpenSSH
Mac X OpenSSH
Solaris 8 OpenSSH
AxeSSH SSHPro
SSH Communications Vandyke SSH A
F-Secure