HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, December 2009)

Example: exporting a public key from the switch
switch:kghanta> sshutil exportpubkey
Enter IP address:192.168.38.244
Enter remote directory:~auser/.ssh
Enter login name:auser
Password:
public key out_going.pub is exported successfully.
8. Append the public key to a remote host by logging in to the remote host, locating the directory where
authorized keys are stored, and appending the public key to the file.
You may need to refer to the host’s documentation to locate where the authorized keys are stored.
9. Test the setup by issuing a command that uses SCP and authentication, such as firmwareDownload
or configUpload.
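An added example for step 8 (not part of the HP guide): a shell function for the remote host that appends the exported out_going.pub to authorized_keys. It assumes an OpenSSH-style host whose authorized_keys file sits in the export directory (~auser/.ssh in the example above); the function name append_switch_key is hypothetical.

```shell
#!/bin/sh
# Added example, not from the HP guide. Assumes an OpenSSH-style host where
# authorized_keys lives in the directory that received out_going.pub.

append_switch_key() {
    ssh_dir=$1
    pub="$ssh_dir/out_going.pub"
    auth="$ssh_dir/authorized_keys"

    [ -f "$pub" ] || { echo "missing $pub" >&2; return 1; }

    # authorized_keys takes one key per line. Refuse empty or multi-line
    # files (for example an RFC 4716 block, which needs converting first).
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line in $pub" >&2; return 1; }
    key=$(grep . "$pub")

    # Require the "<type> <base64> [comment]" shape before trusting the file.
    case $key in
        ssh-*\ *|ecdsa-*\ *) ;;
        *) echo "unrecognised key format in $pub" >&2; return 1 ;;
    esac

    # Lock the directory down first: sshd with StrictModes (the default)
    # ignores keys kept in group- or world-writable locations.
    chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent append: fixed-string, whole-line match avoids duplicates.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    # If the file lacks a trailing newline, add one so keys do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Run as: sh append_switch_key.sh ~auser/.ssh
if [ "$#" -gt 0 ]; then append_switch_key "$1"; fi
```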
Deleting keys on the switch
1. Log in to the switch as the allowed-user.
2. Issue the sshUtil delprivkey command to delete the private key, or
issue the sshUtil delpubkeys command to delete all public keys.
Configuring the Telnet protocol
Telnet is enabled by default. To prevent users from passing clear text passwords over the network when
they connect to the switch, you can block the Telnet protocol using an IP Filter policy.
NOTE: Before blocking Telnet, make sure you have an alternate method of establishing a connection with
the switch.
Blocking Telnet
To block Telnet:
1. Connect to the switch and log in as admin.
Connect through some means other than Telnet: for example, through SSH.
2. Create a policy by issuing the following command:
ipfilter --create <policyname> -type < ipv4 | ipv6 >
where policyname is the name of the new policy and -type specifies whether the policy applies to IPv4 or IPv6 addresses.
Example:
ipfilter --create block_telnet_v4 -type ipv4
3. Add a rule to the policy, by issuing the following command:
ipfilter --addrule <policyname> -rule <rule_number> -sip <source_IP> -dp <dest_port> -proto <protocol> -act <deny>
where -sip can be given as any, -dp is the port number for Telnet (23), and -proto is tcp.
Example:
ipfilter --addrule block_telnet_v4 -rule 2 -sip any -dp 23 -proto tcp -act deny
4. Save the new ipfilter policy by issuing the following command:
ipfilter --save [policyname]
where [policyname] is the name of the policy and is optional.