HP FlexNetwork 10500 Series Security Configuration Manual page 428
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
[SwitchB] ssh2 algorithm public-key x509v3-ecdsa-sha2-nistp256
x509v3-ecdsa-sha2-nistp384
# Enable the SCP server.
[SwitchB] scp server enable
# Assign an IP address to VLAN-interface 2.
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] ip address 192.168.0.1 255.255.255.0
[SwitchB-Vlan-interface2] quit
# Set the authentication mode to AAA for user lines.
[SwitchB] line vty 0 15
[SwitchB-line-vty0-15] authentication-mode scheme
[SwitchB-line-vty0-15] quit
# Create a local device management user client001. Authorize the user to use the SSH service
and assign the user role network-admin to the user.
[SwitchB] local-user client001 class manage
[SwitchB-luser-manage-client001] service-type ssh
[SwitchB-luser-manage-client001] authorization-attribute user-role network-admin
[SwitchB-luser-manage-client001] quit
# Create a local device management user client002. Authorize the user to use the SSH service
and assign the user role network-admin to the user.
[SwitchB] local-user client002 class manage
[SwitchB-luser-manage-client002] service-type ssh
[SwitchB-luser-manage-client002] authorization-attribute user-role network-admin
[SwitchB-luser-manage-client002] quit
4.
Establish an SCP connection to the SCP server 192.168.0.1:
Based on the 128-bit Suite B algorithms:
# Specify server256 as the PKI domain of the server's certificate.
[SwitchB]ssh server pki-domain server256
# Create an SSH user client001. Specify the authentication method publickey for the user
and specify client256 as the PKI domain for verifying the client's certificate.
[Switch] ssh user client001 service-type scp authentication-type publickey assign
pki-domain client256
# Establish an SCP connection to the SCP server 192.168.0.1 based on the 128-bit Suite B
algorithms.
<SwitchA> scp 192.168.0.1 get src.cfg suite-b 128-bit pki-domain client256
server-pki
-domain server256
Username: client001
Press CTRL+C to abort.
Connecting to 192.168.0.1 port 22.
src.cfg
<SwitchA>
Based on the 192-bit Suite B algorithms:
# Specify server384 as the PKI domain of the server's certificate.
[SwitchB] ssh server pki-domain server384
# Create an SSH user client002. Specify the authentication method publickey for the user
and specify client384 as the PKI domain for verifying the client's certificate.
[Switch] ssh user client002 service-type scp authentication-type publickey assign
pki-domain client384
100% 4814
414
4.7KB/s
00:00
Advertisement
Table of Contents
Troubleshooting
