SSH H3C Low-End Ethernet Switches Configuration Examples. Table of Contents
|
|
- Wilfrid Mitchell
- 5 years ago
- Views:
Transcription
1 Table of Contents Table of Contents Chapter 1 Overview Introduction to Support for Functions Configuration Configuring an Server Configuring an Client Precautions Chapter 2 Configuration Commands Configuration Commands Configuring an H3C Switch as an Server Configuration Procedure Configuration Commands Configuring an H3C Switch as an Client Configuration Procedure Configuration Commands Chapter 3 Configuration Example Configuration Example When the Switch Acts as the Server and the Authentication Type is Password When the Switch Acts as an Server and the Authentication Type is RSA When the Switch Acts as an Client and the Authentication Type is Password When the Switch Acts as an Client and the Authentication Type is RSA When the Switch Acts as an Client and First-time authentication is not Supported i
2 Abstract Configuration Example Keywords:, RSA Abstract: This article introduces the application of on the H3C low-end Ethernet switches in real network environments, and then presents detailed configurations of the involved client and Ethernet switches respectively. Acronyms: (Secure Shell), RSA (Rivest Shamir Adleman) ii
3 Chapter 1 Overview Chapter 1 Overview 1.1 Introduction to Secure Shell () is designed to provide secure remote login and other security services in insecure network environments. When users remotely access the switch across an insecure network, will automatically encrypt data before transmission and decrypt data after they reach the destination to guarantee information security and protect switches from such attacks as plain-text password interception. In addition, provides powerful authentication to defend against the man-in-the-middle attacks. uses the client/server mode, by which the server accepts the connection requests from clients and provides authentication. clients can establish connections and log into the server through the connections. also provides other functions, such as compressing the data to be transmitted to speed up the transmission speed, functioning as Telnet, and providing secure channels for FTP, PoP and even PPP. Note: For details about functions supported on different Ethernet switches, refer to related user manuals. 1.2 Support for Functions Table 1-1 List of functions supported on the H3C low-end Ethernet switches Function Model server client S3600-EI S3600-SI S5600 S5100 S3100 S P 1-1
4 Chapter 1 Overview 1.3 Configuration Configuring an Server I. For a H3C switch to be the server Configure the protocols supported on user interfaces Create or destroy a RSA key pair Export a RSA key pair Create an user and specify an authentication type Specify a service type for the user Configure the management function on the server Configure a client public key on the server Specify a public key for the user Specify the source IP address or source interface of packets II. For a non H3C device to be the server For such configuration, refer to the related user manual Configuring an Client I. Using client software There are many kinds of client software, such as PuTTY and Open. You can select one as required and refer to the attached manual for configuration. II. Using an 2-capable switch Configure whether first-time authentication is supported Establish a connection between the client and the server Precautions If you have configured a user interface to support the protocol, you must configure AAA authentication for the user interface by using the authentication-mode scheme command to ensure successful login. Creating a RSA key pair on the server is necessary for successful login. For new users to login successfully, you must specify an authentication type for them. 1-2
5 Chapter 2 Configuration Commands Chapter 2 Configuration Commands 2.1 Configuration Commands To implement, you need to configure the client and the server correctly. The subsequent sections describe configuration commands on the switch. For more information, refer to the Operation Manual. 2.2 Configuring an H3C Switch as an Server Configuration Procedure Table 2-1 Configure the switch as an server Role Common configur ation Authenticatio n type Public key configuration Remarks Password authentication For detailed command, refer to Password authentication. server For detailed command, refer to Common configurat ion. RSA authentication Configure a public key manually: copy the public key from the client public key file to the server. Import a public key: import the public key from the client public file to the server through commands. Associat e the client public key saved on the server to the client For detailed commands, refer to Configuring the client RSA public key manually. For detailed commands, refer to Importing the client RSA public key. I. Precautions for authentication type configuration The above table introduces the password authentication and RSA authentication separately. In practice, you can combine the two authentication types. 2-1
6 Chapter 2 Configuration Commands Executing the ssh authentication-type default password-publickey command or the ssh user authentication-type password-publickey command means that users must not only pass the password authentication but also pass the RSA authentication to login the server. Executing the ssh authentication-type default all command or the ssh user authentication-type all command means that users can login the server as long as they pass either the password or RSA authentication. II. Public key configuration procedure and precautions As shown intable 2-1, you need to copy or import the public key from the client to the server. 1) Manually configure the RSA public key When a switch acts as the client, use the display rsa local-key-pair public command to display the RSA public key after creating RSA key pair through the corresponding commands. Manually copy the RSA public key to the server. Thus, the server has the same public key as the client, and can authenticate the client when the client establishes a connection with it. 2) Import the RSA public key When a switch acts as the server, use the client software to generate an RSA key pair, and then upload the RSA public key file to the server through FTP or TFTP. On the server, import the public key from the public key file through commands. 3) Precautions When some client software like PuTTY is used to generate an RSA key pair, you can either manully configure the public key for the server or import the public key to the server Configuration Commands I. Common configuration Table 2-2 Common configuration Operation Command Remarks Enter system view system-view Enter the view of one or multiple user interfaces user-interface [ type-keyword ] number [ ending-number ] 2-2
7 Chapter 2 Configuration Commands Operation Command Remarks Configure the authentication mode as scheme Specify the supported protocol(s) authentication-mode scheme [ command-authorization ] protocol inbound { all ssh telnet } Required By default, the user interface authentication mode is password. Optional By default, both Telnet and are supported. Return to the system view quit Create an RSA key pair Destroy the RSA key pair Specify a service type for the user rsa local-key-pair create rsa local-key-pair destroy ssh user username service-type { stelnet sftp all } Required By default, no RSA key pair is created. Optional Optional stelnet by default Set authentication timeout time ssh server timeout seconds Optional By default, the timeout time is 60 seconds. Set authentication times retry ssh server authentication-retries times Optional By default, the number of retry times is 3. Set RSA server key update interval Configure server to be compatible with 1.x clients ssh server rekey-interval hours ssh server compatible-ssh1x enable Optional By default, the system does not update RSA server keys. Optional By default, server is compatible with 1.x clients. Specify a source IP address for the server ssh-server ip-address source-ip Optional Specify a source interface for the server ssh-server source-interface interface-type interface-number Optional 2-3
8 Chapter 2 Configuration Commands II. Password authentication configuration Table 2-3 Configure password authentication Operation Command Description Create an User and specify an authentication type Specify the default authentication type for all users Create an user, and specify an authentication type for the user ssh authenticatio n-type default password ssh user username ssh user username authenticatio n-type password Use either command. By default, no user is created and no authentication type is specified. Note that: If both commands are used and different authentication types are specified, the authentication type specified with the ssh user authentication-type command takes precedence. Note: For common configuration commands, refer totable 2-2. III. Configuring the client RSA public key manually Table 2-4 Configure the client RSA public key manually Operation Command Description Create an user and specify an authentication type Specify the default authentication type for all ssh authenticatio n-type default rsa users ssh user username Create an user, and specify an authentication type for it ssh user username authenticatio n-typ rsa Use either command. By default, no user is created and no authentication type is specified. Note that: If both commands are used and different authentication types are specified, the authentication type specified with the ssh user authentication-type command takes precedence. Enter public key view rsa peer-public-key keyname Required Enter public key edit view public-key-code begin 2-4
9 Chapter 2 Configuration Commands Operation Command Description Configure the client RSA public key Return from public key code view to public key view Enter the content of the RSA public key public-key-code end The content must be a hexadecimal string that is generated randomly by the -supported client software and coded compliant to PKCS. Spaces and carriage returns are allowed between characters. When you exit public key code view, the system automatically saves the public key. Return from public key view to system view peer-public-key end Assign a public key to an user ssh user username assign rsa-key keyname Required If you issue this command multiple times, the last command overrides the previous ones Note: For general configuration commands, refer totable 2-2. IV. Importing the client RSA public key Table 2-5 Import the client RSA public key Operation Command Description Create an user and specify an authentication type Specify the default authentication type for all ssh authenticatio n-type default rsa users ssh user username Create an user, and specify an authentication type for it ssh user username authenticatio n-type rsa Use either command. By default, no user is created and no authentication type is specified. Note that: If both commands are used and different authentication types are specified, the authentication type specified with the ssh user authentication-type command takes precedence. 2-5
10 Chapter 2 Configuration Commands Operation Command Description Import the client RSA public key from the specified public key file Assign a public key to an user rsa peer-public-key keyname import sshkey filename ssh user username assign rsa-key keyname Required Required If you issue this command multiple times, the last command overrides the previous ones Note: For general configuration commands, refer totable Configuring an H3C Switch as an Client When the device connects to the server as an client, you can configure whether the device supports first-time authentication. First-time authentication means that when the client accesses the server for the first time and is not configured with the server host public key, the user can continue accessing the server, and will save the host public key on the client for use in subsequent authentications. When first-time authentication is not supported, a client, if not configured with the server host public key, will be denied of access to the server. To access the server, a user must configure in advance the server host public key locally and specify the public key name for authentication. 2-6
11 Chapter 2 Configuration Commands Configuration Procedure Table 2-6 Configure the switch as an client Role Common configur ation First-time authentic ation support Public key configuration Access the server Remarks Client Refer to Common configura tion. Yes No Configure a public key manually: copy the server public key from the public key file to the client Specify the host public key of the server to be connected Establish a connecti on between the client and the server Refer to Enabling first-time authentic ation. Refer to Disabling first-time authentic ation and manually configurin g the server public key. As shown intable 2-6, you need to configure the server public key to the client in the case that the client does not support first-time authentication. 2) Manually configure the RSA public key On the server, use the display rsa local-key-pair public command to display the RSA public key. Manually copy the public key to the client. Thus, the client has the same public key as the server, and can authenticate the server using the public key when establishing a connection with the server Configuration Commands I. Common configuration Table 2-7 Common configuration Operation Command Description Enter system view system-view Specify a source IP address for the client ssh2 source-ip ip-address Optional 2-7
12 Chapter 2 Configuration Commands Operation Command Description Specify a source interface for the client ssh2 source-interface interface-type interface-number Optional II. Enabling first-time authentication Table 2-8 Enable first-time authentication Operation Command Description Enter system view system-view Enable first-time authentication Establish a connection with the server ssh client first-time enable ssh2 { host-ip host-name } [ port-num ] [ prefer_kex { dh_group1 dh_exchange_group } prefer_ctos_cipher { des aes128 } prefer_stoc_cipher { des aes128 } prefer_ctos_hmac { sha1 sha1_96 md5 md5_96 } prefer_stoc_hmac { sha1 sha1_96 md5 md5_96 } ] * Optional Enabled by default Required In this command, you can also specify the preferred key exchange algorithm, encryption algorithms and HMAC algorithms between the server and client. III. Disabling first-time authentication and manually configuring the server public key Table 2-9 Disable first-time authentication and manually configure the server public key Operation Command Description Enter system view system-view Disable first-time authentication undo ssh client first-time Required Enabled by default Enter public key view rsa keyname peer-public-key Required Enter public key edit view public-key-code begin 2-8
13 Chapter 2 Configuration Commands Operation Command Description Configure public key server Enter the content of the public key When you input the key data, spaces are allowed between the characters you input (because the system can remove the spaces automatically); you can also press <Enter> to continue your input at the next line. But the key you input should be a hexadecimal digit string coded in the public key format. Return to public key view from public key edit view public-key-code end When you exit public key code view, the system automatically saves the public key Exit public key view and return to system view peer-public-key end Specify the host key name of the server Start the client to establish a connection with an server ssh client { server-ip server-name } assign rsa-key keyname ssh2 { host-ip host-name } [ port-num ] [ prefer_kex { dh_group1 dh_exchange_group } prefer_ctos_cipher { des aes128 } prefer_stoc_cipher { des aes128 } prefer_ctos_hmac { sha1 sha1_96 md5 md5_96 } prefer_stoc_hmac { sha1 sha1_96 md5 md5_96 } ] * Optional Required when the client does not support first-time authentication You need to copy the server public key to the client before performing this configuration. Required In this command, you can also specify the preferred key exchange algorithm, encryption algorithms and HMAC algorithms between the server and client. 2-9
14 Chapter 3 Configuration Example Chapter 3 Configuration Example Note: The S3600 software version in this configuration example is Release Configuration Example When the Switch Acts as the Server and the Authentication Type is Password I. Network requirements As shown infigure 3-1, establish an connection between the host ( Client) and the switch ( Server) for secure data exchange. The host runs 2.0 client software. Password authentication is required. II. Network diagram Figure 3-1 Network diagram of server configuration using password authentication III. Configuration procedure 1) Configure the server # Create a VLAN interface on the switch and assign an IP address, which the client will use as the destination for connection. <H3C> system-view [H3C] interface vlan-interface 1 [H3C-Vlan-interface1] ip address [H3C-Vlan-interface1] quit # Generate RSA key pairs. [H3C] rsa local-key-pair create # Set the authentication mode for the user interfaces to AAA. 3-1
15 Chapter 3 Configuration Example [H3C] user-interface vty 0 4 [H3C-ui-vty0-4] authentication-mode scheme # Enable the user interfaces to support. [H3C-ui-vty0-4] protocol inbound ssh [H3C-ui-vty0-4] quit # Create local client client001, and set the authentication password to abc, protocol type to, and command privilege level to 3 for the client. [H3C] local-user client001 [H3C-luser-client001] password simple abc [H3C-luser-client001] service-type ssh level 3 [H3C-luser-client001] quit # Specify the authentication method of user client001 as password. [H3C] ssh user client001 authentication-type password 2) Configure the client # Configure an IP address ( in this case) for the client. This IP address and that of the VLAN interface on the switch must be in the same network segment. # Configure the client software to establish a connection to the server. Take client software Putty (version 0.58) as an example: Run PuTTY.exe to enter the following configuration interface. Figure 3-2 client configuration interface 3-2
16 Chapter 3 Configuration Example In the Host Name (or IP address) text box, enter the IP address of the server. From the category on the left pane of the window, select under Connection. The window as shown in Figure 3-3 appears. Figure 3-3 client configuration interface 2 Under Protocol options, select 2 from Preferred protocol version. As shown infigure 3-4, click Open to enter the following interface. If the connection is normal, you will be prompted to enter the user name client001 and password abc. Once authentication succeeds, you will log onto the server. 3-3
17 Chapter 3 Configuration Example Figure 3-4 client interface When the Switch Acts as an Server and the Authentication Type is RSA I. Network requirements As shown infigure 3-5, establish an connection between the host ( client) and the switch ( Server) for secure data exchange. The host runs 2.0 client software. RSA authentication is required. II. Network diagram Figure 3-5 Network diagram of server configuration III. Configuration procedure 1) Configure the server # Create a VLAN interface on the switch and assign an IP address, which the client will use as the destination for connection. <H3C> system-view [H3C] interface vlan-interface 1 3-4
18 Chapter 3 Configuration Example [H3C-Vlan-interface1] ip address [H3C-Vlan-interface1] quit # Generate RSA key pairs. [H3C] rsa local-key-pair create # Set the authentication mode for the user interfaces to AAA. [H3C] user-interface vty 0 4 [H3C-ui-vty0-4] authentication-mode scheme # Enable the user interfaces to support. [H3C-ui-vty0-4] protocol inbound ssh # Set the client s command privilege level to 3 [H3C-ui-vty0-4] user privilege level 3 [H3C-ui-vty0-4] quit # Configure the authentication type of the client named client 001 as RSA. [H3C] ssh user client001 authentication-type rsa Note: Before performing the following steps, you must generate an RSA public key pair (using the client software) on the client, save the key pair in a file named public, and then upload the file to the server through FTP or TFTP. For details, refer to Configuring the Client. # Import the client s public key named Switch001 from file public. [H3C] rsa peer-public-key Switch001 import sshkey public # Assign the public key Switch001 to client client001. [H3C] ssh user client001 assign rsa-key Switch001 2) Configure the client # Generate an RSA key pair, taking PuTTYGen as an example. Run PuTTYGen.exe, choose 2(RSA) and click Generate. 3-5
19 Chapter 3 Configuration Example Figure 3-6 Generate a client key pair (1) Note: While generating the key pair, you must move the mouse continuously and keep the mouse off the green process bar shown in Figure 3-6. Otherwise, the process bar stops moving and the key pair generating process is stopped. 3-6
20 Chapter 3 Configuration Example Figure 3-7 Generate a client key pair (2) After the key pair is generated, click Save public key and enter the name of the file for saving the public key ( public in this case). 3-7
21 Chapter 3 Configuration Example Figure 3-8 Generate a client key pair (3) Likewise, to save the private key, click Save private key. A warning window pops up to prompt you whether to save the private key without any protection. Click Yes and enter the name of the file for saving the private key ( private.ppk in this case). Figure 3-9 Generate a client key pair (4) Note: After a public key pair is generated, you need to upload the pubic key file to the server through FTP or TFTP, and complete the server end configuration before you continue to configure the client. 3-8
22 Chapter 3 Configuration Example # Establish a connection with the server. The following takes the client software Putty (version 0.58) as an example. Launch PuTTY.exe to enter the following interface. Figure 3-10 client configuration interface 1 In the Host Name (or IP address) text box, enter the IP address of the server. From the category on the left pane of the window, select under Connection. The window as shown in Figure 3-11appears. 3-9
23 Chapter 3 Configuration Example Figure 3-11 client configuration interface 2 Under Protocol options, select 2 from Preferred protocol version. Select Connection//Auth. The following window appears. 3-10
24 Chapter 3 Configuration Example Figure 3-12 client configuration interface (2) Click Browse to bring up the file selection window, navigate to the private key file and click OK. From the window shown infigure 3-12, click Open. The following client interface appears. If the connection is normal, you will be prompted to enter the username and password, as shown infigure
25 Chapter 3 Configuration Example Figure 3-13 client interface When the Switch Acts as an Client and the Authentication Type is Password I. Network requirements As shown infigure 3-14, establish an connection between Switch A ( Client) and Switch B ( Server) for secure data exchange. The user name for login is client001 and the server s IP address is Password authentication is required. II. Network diagram Figure 3-14 Network diagram of client configuration when using password authentication III. Configuration procedure 1) Configure Switch B # Create a VLAN interface on the switch and assign an IP address, which the client will use as the destination for connection. 3-12
26 Chapter 3 Configuration Example <H3C> system-view [H3C] interface vlan-interface 1 [H3C-Vlan-interface1] ip address [H3C-Vlan-interface1] quit # Generate RSA key pairs. [H3C] rsa local-key-pair create # Set the authentication mode for the user interfaces to AAA. [H3C] user-interface vty 0 4 [H3C-ui-vty0-4] authentication-mode scheme # Enable the user interfaces to support. [H3C-ui-vty0-4] protocol inbound ssh [H3C-ui-vty0-4] quit # Create local user client001, and set the authentication password to abc, the login protocol to, and user command privilege level to 3. [H3C] local-user client001 [H3C-luser-client001] password simple abc [H3C-luser-client001] service-type ssh level 3 [H3C-luser-client001] quit # Configure the authentication type of user client001 as password. [H3C] ssh user client001 authentication-type password 2) Configure Switch A # Create a VLAN interface on the switch and assign an IP address, which serves as the client s address in an connection. <H3C> system-view [H3C] interface vlan-interface 1 [H3C-Vlan-interface1] ip address [H3C-Vlan-interface1] quit # Establish a connection to the server [H3C] ssh Username: client001 Trying Press CTRL+K to abort Connected to The Server is not authenticated. Do you continue to access it?(y/n):y Do you want to save the server's public key?(y/n):n Enter password: ************************************************************************* 3-13
27 Chapter 3 Configuration Example * Copyright(c) Hangzhou H3C Technologies Co., Ltd. * * Without the owner's prior written consent, * * no decompiling or reverse-engineering shall be allowed. * ************************************************************************* <H3C> When the Switch Acts as an Client and the Authentication Type is RSA I. Network requirements As shown infigure 3-15, establish an connection between Switch A ( Client) and Switch B ( Server) for secure data exchange. The user name is client001 and the server s IP address is RSA authentication is required. II. Network diagram Figure 3-15 Network diagram of client configuration when using publickey authentication III. Configuration procedure 1) Configure Switch B # Create a VLAN interface on the switch and assign an IP address, which the client will use as the destination for connection. <H3C> system-view [H3C] interface vlan-interface 1 [H3C-Vlan-interface1] ip address [H3C-Vlan-interface1] quit # Generate RSA key pair. [H3C] rsa local-key-pair create # Set the authentication mode for the user interfaces to AAA. [H3C] user-interface vty 0 4 [H3C-ui-vty0-4] authentication-mode scheme # Enable the user interfaces to support. [H3C-ui-vty0-4] protocol inbound ssh # Set the user command privilege level to
28 Chapter 3 Configuration Example [H3C-ui-vty0-4] user privilege level 3 [H3C-ui-vty0-4] quit # Specify the authentication type of user client001 as RSA. [H3C] ssh user client001 authentication-type rsa Note: Before proceeding with the following steps, you need to generate an RSA key pair on the client, and manually configure the RSA public key for the server. For detailed information, refer to client configuration. # Configure the public key of the client on the server, and specify the public key name as Switch001.. [H3C] rsa peer-public-key Switch001 RSA public key view: return to System View with "peer-public-key end". [H3C-rsa-public-key] public-key-code begin RSA key code view: return to last view with "public-key-code end". [H3C-rsa-key-code] 3047 [H3C-rsa-key-code] 0240 [H3C-rsa-key-code] C8969B5A F4 0BDB4E5E F608B [H3C-rsa-key-code] 349EBD6A B0C75CDF 8B84DBE7 D5E2C4F8 AED72834 [H3C-rsa-key-code] 74D3404A 0B14363D D709CC63 68C8CE00 57C0EE6B [H3C-rsa-key-code] 074C0CA9 [H3C-rsa-key-code] 0203 [H3C-rsa-key-code] [H3C-rsa-key-code] public-key-code end [H3C-rsa-public-key] peer-public-key end [H3C] # Assign the public key Switch001 to user client001. [H3C] ssh user client001 assign rsa-key Switch001 2) Configure Switch A # Create a VLAN interface on the switch and assign an IP address, which serves as the client s address in an connection. <H3C> system-view [H3C] interface vlan-interface 1 [H3C-Vlan-interface1] ip address [H3C-Vlan-interface1] quit # Generate a RSA key pair [H3C] rsa local-key-pair create 3-15
29 Chapter 3 Configuration Example # Display the RSA public key on the client. <H3C> display rsa local-key-pair public ===================================================== Time of Key pair created: 05:15: /12/08 Key name: H3C_Host Key type: RSA encryption Key ===================================================== Key code: C8969B5A F4 0BDB4E5E F608B 349EBD6A B0C75CDF 8B84DBE7 D5E2C4F8 AED D3404A 0B14363D D709CC63 68C8CE00 57C0EE6B 074C0CA <Omitted> Note: After generating an RSA key pair on the client, you need to configure the RSA public key for the server and finish the server configuration before continuing to configure the client. # Establish an connection to the server [H3C] ssh Username: client001 Trying Press CTRL+K to abort Connected to The Server is not authenticated. Do you continue to access it?(y/n):y Do you want to save the server's public key?(y/n):n ************************************************************************* * Copyright(c) Hangzhou H3C Technologies Co., Ltd. * * Without the owner's prior written consent, * * no decompiling or reverse-engineering shall be allowed. * ************************************************************************* 3-16
30 Chapter 3 Configuration Example <H3C> When the Switch Acts as an Client and First-time authentication is not Supported I. Network requirements As shown infigure 3-16, establish an connection between Switch A ( Client) and Switch B ( Server) for secure data exchange. The user name is client001 and the server s IP address is The RSA authentication mode is used to enhance security. II. Network diagram Figure 3-16 Network diagram of client configuration III. Configuration procedure 1) Configure Switch B # Create a VLAN interface on the switch and assign an IP address for it to serve as the destination of the client. <H3C> system-view [H3C] interface vlan-interface 1 [H3C-Vlan-interface1] ip address [H3C-Vlan-interface1] quit # Generate RSA key pairs. [H3C] rsa local-key-pair create # Set AAA authentication on user interfaces. [H3C] user-interface vty 0 4 [H3C-ui-vty0-4] authentication-mode scheme # Configure the user interfaces to support. [H3C-ui-vty0-4] protocol inbound ssh # Set the user command privilege level to 3. [H3C-ui-vty0-4] user privilege level 3 [H3C-ui-vty0-4] quit 3-17
31 Chapter 3 Configuration Example # Specify the authentication type for user client001 as RSA. [H3C] ssh user client001 authentication-type rsa Note: Before proceeding with the following steps, you need to generate an RSA key pair on the client, and manually configure the RSA public key for the server. For detailed information, refer to client configuration. # Configure the public key of the client on the server, and specify the public key name as Switch001 [H3C] rsa peer-public-key Switch001 RSA public key view: return to System View with "peer-public-key end". [H3C-rsa-public-key] public-key-code begin RSA key code view: return to last view with "public-key-code end". [H3C-rsa-key-code] 3047 [H3C-rsa-key-code] 0240 [H3C-rsa-key-code] C8969B5A F4 0BDB4E5E F608B [H3C-rsa-key-code] 349EBD6A B0C75CDF 8B84DBE7 D5E2C4F8 AED72834 [H3C-rsa-key-code] 74D3404A 0B14363D D709CC63 68C8CE00 57C0EE6B [H3C-rsa-key-code] 074C0CA9 [H3C-rsa-key-code] 0203 [H3C-rsa-key-code] [H3C-rsa-key-code] public-key-code end [H3C-rsa-public-key] peer-public-key end [H3C] # Assign public key Switch001 to user client001 [H3C] ssh user client001 assign rsa-key Switch001 Note: If first-time authentication is disabled on the device, it is necessary to configure on the client the RSA public key of the server. # Display the RSA public key on the server. [H3C] display rsa local-key-pair public ===================================================== 3-18
32 Chapter 3 Configuration Example Time of Key pair created: 09:04: /04/04 Key name: H3C_Host Key type: RSA encryption Key ===================================================== Key code: C9330FFD 2E2A606F 3BFD5554 8DACDFB8 4D754E86 FC2D15E A 0F6A2A6A A94A207E 1E25F3F9 E0EA01A2 4E0F2FF7 B1D F02333 E443EE74 5C3615C3 E5B3DC91 D41900F0 2AE8B301 E55B ECF2C 28A6A454 C27449E0 46EB1EAF 8A918D33 BAF53AF3 63B1FB17 F01E BE2EEA A272CD78 C289B7DD 2BE0F7AD <Omitted> 2) Configure Switch A # Create a VLAN interface on the switch and assign an IP address, which serves as the client s address in an connection. <H3C> system-view [H3C] interface vlan-interface 1 [H3C-Vlan-interface1] ip address [H3C-Vlan-interface1] quit # Generate a RSA key pair [H3C] rsa local-key-pair create # Export the generated RSA key pair to a file named Switch001. <H3C> display rsa local-key-pair public ===================================================== Time of Key pair created: 05:15: /12/08 Key name: H3C_Host Key type: RSA encryption Key ===================================================== Key code: C8969B5A F4 0BDB4E5E F608B 349EBD6A B0C75CDF 8B84DBE7 D5E2C4F8 AED D3404A 0B14363D D709CC63 68C8CE00 57C0EE6B 074C0CA9 3-19
33 Chapter 3 Configuration Example <Omitted> Note: After the client generates an RSA key pair, it is necessary to configure the RSA public key for the server and finish the server configuration before continuing to configure the client. # Disable first-time authentication on the device. [H3C] undo ssh client first-time Note: If first-time authentication is disabled on the device, it is necessary to configure on the client the RSA public key of the server. # Configure the public key of the server on the client, and specify the public key name as Switch002. [H3C] rsa peer-public-key Switch002 RSA public key view: return to System View with "peer-public-key end". [H3C-rsa-public-key] public-key-code begin RSA key code view: return to last view with "public-key-code end". [H3C-rsa-key-code] [H3C-rsa-key-code] [H3C-rsa-key-code] C9330FFD 2E2A606F 3BFD5554 8DACDFB8 4D754E86 [H3C-rsa-key-code] FC2D15E A 0F6A2A6A A94A207E 1E25F3F9 [H3C-rsa-key-code] E0EA01A2 4E0F2FF7 B1D F02333 E443EE74 [H3C-rsa-key-code] 5C3615C3 E5B3DC91 D41900F0 2AE8B301 E55B1420 [H3C-rsa-key-code] 024ECF2C 28A6A454 C27449E0 46EB1EAF 8A918D33 [H3C-rsa-key-code] BAF53AF3 63B1FB17 F01E BE2EEA A272CD78 [H3C-rsa-key-code] C289B7DD 2BE0F7AD [H3C-rsa-key-code] 0203 [H3C-rsa-key-code] [H3C-rsa-key-code] public-key-code end [H3C-rsa-public-key] peer-public-key end [H3C] 3-20
34 Chapter 3 Configuration Example # Specify the host public key pair name of the server. [H3C] ssh client assign rsa-key Switch002 # Establish the connection to server [H3C] ssh Username: client001 Trying Press CTRL+K to abort Connected to ************************************************************************* * Copyright(c) Hangzhou H3C Technologies Co., Ltd. * * Without the owner's prior written consent, * * no decompiling or reverse-engineering shall be allowed. * ************************************************************************* <H3C> 3-21
SSH Configuration Examples H3C S7500 Series Ethernet Switches Release Table of Contents
Table of Contents Table of Contents Chapter 1 SSH Overview... 1-1 1.1 Introduction to SSH... 1-1 1.2 Support for SSH Functions... 1-1 1.3 SSH Configuration... 1-1 1.3.1 Configuring an SSH Server... 1-1
More informationTable of Contents 1 SSH Configuration 1-1
Table of Contents 1 SSH Configuration 1-1 SSH Overview 1-1 Introduction to SSH 1-1 Algorithm and Key 1-1 Asymmetric Key Algorithm 1-2 SSH Operating Process 1-2 Configuring the SSH Server 1-4 SSH Server
More informationOperation Manual SSH H3C S3610&S5510 Series Ethernet Switches. Table of Contents
Table of Contents Table of Contents... 1-1 1.1 SSH Overview... 1-1 1.2 Configuring the SSH Server... 1-5 1.2.1 Enabling SSH Server... 1-5 1.2.2 Configuring the Protocols for the SSH Client User Interface
More informationTable of Contents 1 FTP and SFTP Configuration TFTP Configuration 2-1
Table of Contents 1 FTP and SFTP Configuration 1-1 Introduction to FTP and SFTP 1-1 Introduction to FTP 1-1 Introduction to SFTP 1-1 FTP Configuration 1-2 FTP Configuration: A Switch Operating as an FTP
More informationContents. Configuring SSH 1
Contents Configuring SSH 1 Overview 1 How SSH works 1 SSH authentication methods 2 SSH support for Suite B 3 FIPS compliance 3 Configuring the device as an SSH server 4 SSH server configuration task list
More informationTable of Contents 1 Commands for Access Controller Switch Interface Board 1-1
Table of Contents 1 Commands for Access Controller Switch Interface Board 1-1 Commands for Access Controller and Access Controller Switch Interface Board 1-1 acl (user interface view) 1-1 activation-key
More informationTable of Contents 1 SSH Commands 1-1
Table of Contents 1 SSH Commands 1-1 SSH Commands 1-1 display public-key local 1-1 display public-key peer 1-2 display rsa local-key-pair public 1-3 display rsa peer-public-key 1-5 display ssh server 1-6
More informationPrivilege Level Switching Authentication Technology White Paper
Privilege Level Switching Authentication Technology White Paper Keywords: Privilege level switching authentication, RADIUS, HWTACACS Abstract: This document briefly describes the background and implementation
More informationLogging in to the CLI
Contents Logging in to the CLI 1 Login methods 1 Logging in through the console port 2 Introduction 2 Configuration procedure 2 Logging in through the AUX port 5 Configuration prerequisites 5 Configuration
More informationLogin management commands
Contents Login management commands 1 CLI login configuration commands 1 display telnet client configuration 1 telnet 1 telnet ipv6 2 telnet server enable 3 User interface configuration commands 3 acl (user
More informationLogging in through SNMP from an NMS 22 Overview 22 Configuring SNMP agent 22 NMS login example 24
Contents Logging in to the CLI 1 Login methods 1 Logging in through the console or AUX port 2 Introduction 2 Configuration procedure 2 Logging in through Telnet 6 Introduction 6 Logging in to the switch
More informationUser authentication configuration example 11 Command authorization configuration example 13 Command accounting configuration example 14
Contents Logging in to the CLI 1 Login methods 1 Logging in through the console or AUX port 2 Logging in through Telnet 5 Telnetting to the switch 5 Telnetting from the switch to another device 7 Logging
More informationOperation Manual Login and User Interface. Table of Contents
Table of Contents Table of Contents Chapter 1 Switch Login... 1-1 1.1 Setting Up Configuration Environment Through the Console Port... 1-1 1.2 Setting Up Configuration Environment Through Telnet... 1-2
More informationSSH Configuration. Page 1 of 8
SSH Configuration Page 1 of 8 Contents Chapter 1 SSH Terminal Services...3 1.1 Introduction to SSH... 3 1.2 SSH Server Configuration... 4 1.3 Log in Switch from SSH Client... 4 1.4 SSH Server Configuration
More informationRADIUS Configuration. Overview. Introduction to RADIUS. Client/Server Model
Table of Contents RADIUS Configuration 1 Overview 1 Introduction to RADIUS 1 Client/Server Model 1 Security and Authentication Mechanisms 2 Basic Message Exchange Process of RADIUS 2 RADIUS Packet Format
More informationH3C S5830V2 & S5820V2 Switch Series
H3C S5830V2 & S5820V2 Switch Series Security Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release2108 Document version: 6W101-20120531 Copyright 2012, Hangzhou
More informationHP Load Balancing Module
HP Load Balancing Module System Management Configuration Guide Part number: 5998-4216 Software version: Feature 3221 Document version: 6PW100-20130326 Legal and notice information Copyright 2013 Hewlett-Packard
More informationIf you prefer to use your own SSH client, configure NG Admin with the path to the executable:
Each Barracuda NG Firewall system is routinely equipped with an SSH daemon listening on TCP port 22 on all administrative IP addresses (the primary box IP address and all other IP addresses that administrative
More informationH3C WA Series WLAN Access Points. Fundamentals Command Reference
H3C WA Series WLAN Access Points Fundamentals Command Reference Abstract This document details the commands for the WA series WLAN access points. Intended audience includes network planners, field technical
More informationImplementing Secure Shell
Implementing Secure Shell Secure Shell (SSH) is an application and a protocol that provides a secure replacement to the Berkeley r-tools. The protocol secures sessions using standard cryptographic mechanisms,
More informationConfiguring Secure Shell (SSH)
Prerequisites for Configuring Secure Shell, page 1 Restrictions for Configuring Secure Shell, page 2 Information About Configuring Secure Shell, page 2 How to Configure Secure Shell, page 4 Monitoring
More informationLab Configure Basic AP Security through IOS CLI
Lab 8.3.1.2 Configure Basic AP Security through IOS CLI Estimated Time: 30 minutes Number of Team Members: Students will work in teams of two. Objective In this lab, the student will learn the following
More informationLab Configure Basic AP security through GUI
Lab 8.3.1.1 Configure Basic AP security through GUI Estimated Time: 30 minutes Number of Team Members: Students will work in teams of two. Objective In this lab, the student will learn the following objectives:
More informationExamples of Cisco APE Scenarios
CHAPTER 5 This chapter describes three example scenarios with which to use Cisco APE: Access to Asynchronous Lines, page 5-1 Cisco IOS Shell, page 5-3 Command Authorization, page 5-5 Note For intructions
More informationConfiguring Security for the ML-Series Card
19 CHAPTER Configuring Security for the ML-Series Card This chapter describes the security features of the ML-Series card. This chapter includes the following major sections: Understanding Security, page
More informationH3C S12500 Series Routing Switches
H3C S12500 Series Routing Switches Security Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: S12500-CMW710-R7128 Document version: 6W710-20121130 Copyright 2012,
More informationHP 3600 v2 Switch Series
HP 3600 v2 Switch Series Fundamentals Command Reference Part number: 5998-2359 Software version: Release 2101 Document version: 6W101-20130930 Legal and notice information Copyright 2013 Hewlett-Packard
More informationHP 5920 & 5900 Switch Series
HP 5920 & 5900 Switch Series Security Command Reference Part number: 5998-2887 Software version: Release2208 Document version: 6W100-20130228 Legal and notice information Copyright 2013 Hewlett-Packard
More informationSecure Shell Version 2 Support
The feature allows you to configure Secure Shell (SSH) Version 2. (SSH Version 1 support was implemented in an earlier Cisco software release.) SSH runs on top of a reliable transport layer and provides
More informationPKI Configuration Examples
PKI Configuration Examples Keywords: PKI, CA, RA, IKE, IPsec, SSL Abstract: The Public Key Infrastructure (PKI) is a general security infrastructure for providing information security through public key
More informationHP A3100 v2 Switch Series
HP A3100 v2 Switch Series Fundamentals Command Reference HP A3100-8 v2 SI Switch (JG221A) HP A3100-16 v2 SI Switch (JG222A) HP A3100-24 v2 SI Switch (JG223A) HP A3100-8 v2 EI Switch (JD318B) HP A3100-16
More informationSecure Shell Commands
This module describes the Cisco IOS XR software commands used to configure Secure Shell (SSH). For detailed information about SSH concepts, configuration tasks, and examples, see the Implementing Secure
More informationConsole Port, Telnet, and SSH Handling
Console Port Overview, on page 1 Connecting Console Cables, on page 1 Installing USB Device Drivers, on page 1 Console Port Handling Overview, on page 2 Telnet and SSH Overview, on page 2 Persistent Telnet,
More informationEmergency shell commands 1
Contents Emergency shell commands 1 copy 1 delete 1 dir 2 display copyright 4 display install package 4 display interface m-eth0 5 display ip routing-table 7 display ipv6 routing-table 7 display version
More informationConfiguring Switch-Based Authentication
CHAPTER 7 This chapter describes how to configure switch-based authentication on the switch. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. This chapter consists
More informationTitan FTP Server SSH Host Key Authentication with SFTP
2016 Titan FTP Server SSH Host Key Authentication with SFTP A guide for configuring and maintaining SSH Host Key Authentication for SFTP connections in Titan FTP Server. QuickStart Guide 2016 South River
More informationSetting Up Physical Inventory
CHAPTER 4 Devices Every network element that Cisco Prime Fulfillment manages must be defined as a device in the system. An element is any device from which Prime Fulfillment can collect information. In
More informationTable of Contents 1 AAA Overview AAA Configuration 2-1
Table of Contents 1 AAA Overview 1-1 Introduction to AAA 1-1 Authentication 1-1 Authorization 1-1 Accounting 1-2 Introduction to ISP Domain 1-2 Introduction to AAA Services 1-3 Introduction to RADIUS 1-3
More informationConfiguring SSH and Telnet
This chapter contains the following sections:, page 1 Information About SSH and Telnet SSH Server The Secure Shell Protocol (SSH) server feature enables a SSH client to make a secure, encrypted connection
More informationSecure Shell Commands
This module describes the Cisco IOS XR software commands used to configure Secure Shell (SSH). For detailed information about SSH concepts, configuration tasks, and examples, see the Implementing Secure
More informationTable of Contents 1 Basic Configuration Commands 1-1
Table of Contents 1 Basic Configuration Commands 1-1 Basic Configuration Commands 1-1 clock datetime 1-1 clock summer-time one-off 1-2 clock summer-time repeating 1-3 clock timezone 1-4 configure-user
More informationHP 3600 v2 Switch Series
HP 3600 v2 Switch Series Fundamentals Command Reference Part number: 5998-7608 Software version: Release 2110P02 Document version: 6W100-20150305 Legal and notice information Copyright 2015 Hewlett-Packard
More informationOperation Manual Security. Table of Contents
Table of Contents Table of Contents Chapter 1 802.1x Configuration... 1-1 1.1 802.1x Overview... 1-1 1.1.1 802.1x Standard Overview... 1-1 1.1.2 802.1x System Architecture... 1-1 1.1.3 802.1x Authentication
More informationTable of Contents 1 Basic Configuration Commands 1-1
Table of Contents 1 Basic Configuration Commands 1-1 Basic Configuration Commands 1-1 clock datetime 1-1 clock summer-time one-off 1-2 clock summer-time repeating 1-3 clock timezone 1-4 command-privilege
More informationConfiguring Secure Shell
Configuring Secure Shell Last Updated: October 24, 2011 The Secure Shell (SSH) feature is an application and a protocol that provides a secure replacement to the Berkeley r-tools. The protocol secures
More informationConfiguring SSH and Telnet
6 CHAPTER This chapter describes how to configure Secure Shell Protocol (SSH) and Telnet on Cisco NX-OS devices. This chapter includes the following sections: Information About SSH and Telnet, page 6-1
More informationTable of Contents 1 AAA Overview AAA Configuration 2-1
Table of Contents 1 AAA Overview 1-1 Introduction to AAA 1-1 Authentication 1-1 Authorization 1-1 Accounting 1-2 Introduction to ISP Domain 1-2 Introduction to AAA Services 1-2 Introduction to RADIUS 1-2
More informationConfiguring TACACS+ Finding Feature Information. Prerequisites for TACACS+
Finding Feature Information, page 1 Prerequisites for TACACS+, page 1 Information About TACACS+, page 3 How to Configure TACACS+, page 7 Monitoring TACACS+, page 16 Finding Feature Information Your software
More informationOperation Manual 802.1x. Table of Contents
Table of Contents Table of Contents... 1-1 1.1 802.1x Overview... 1-1 1.1.1 Architecture of 802.1x... 1-1 1.1.2 Operation of 802.1x... 1-3 1.1.3 EAP Encapsulation over LANs... 1-4 1.1.4 EAP Encapsulation
More informationAdministration of Cisco WLC
Using the Controller Interface, on page 1 Enabling Web and Secure Web Modes, on page 6 Telnet and Secure Shell Sessions, on page 8 Management over Wireless, on page 13 Configuring Management using Dynamic
More informationSecure Shell Version 2 Support
Secure Shell Version 2 Support Last Updated: January 16, 2012 The Secure Shell Version 2 Support feature allows you to configure Secure Shell (SSH) Version 2. SSH runs on top of a reliable transport layer
More informationSecure Shell Configuration Guide, Cisco IOS Release 15M&T
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More information802.1x Configuration Examples H3C S7500 Series Ethernet Switches Release Table of Contents
Table of Contents Table of Contents Chapter 1 802.1X Overview... 1-1 1.1 Introduction to 802.1X... 1-1 1.2 Features Configuration... 1-1 1.2.1 Global Configuration... 1-1 1.2.2 Configuration in Port View...
More informationTable of Contents. 4 System Guard Configuration 4-1 System Guard Overview 4-1 Guard Against IP Attacks 4-1 Guard Against TCN Attacks 4-1
Table of Contents 1 802.1x Configuration 1-1 Introduction to 802.1x 1-1 Architecture of 802.1x Authentication 1-1 The Mechanism of an 802.1x Authentication System 1-3 Encapsulation of EAPoL Messages 1-3
More informationJoint Venture Hospital Laboratories. Secure File Transfer Protocol (SFTP) Secure Socket Shell (SSH) User s Guide for plmweb.jvhl.
Joint Venture Hospital Laboratories Secure File Transfer Protocol (SFTP) Secure Socket Shell (SSH) User s Guide for plmweb.jvhl.org For Secure File Transfers via the Internet Introduction Version 2.2 April
More informationHP FlexFabric 5700 Switch Series
HP FlexFabric 5700 Switch Series Security Command Reference Part number: 5998-6695 Software version: Release 2416 Document version: 6W100-20150130 Legal and notice information Copyright 2015 Hewlett-Packard
More informationConfiguring Secure Shell on Routers and Switches Running Cisco IOS
Configuring Secure Shell on Routers and Switches Running Cisco IOS Document ID: 4145 Contents Introduction Prerequisites Requirements Components Used Conventions SSH v1 vs. SSH v2 Network Diagram Test
More informationConfiguring Secure Shell (SSH)
Starting with Cisco IOS XE Denali 16.3.1, Secure Shell Version 1 (SSHv1) is deprecated. Finding Feature Information, on page 1 Prerequisites for Configuring Secure Shell, on page 1 Restrictions for Configuring
More informationFile transfer clients manual File Delivery Services
File transfer clients manual File Delivery Services Publisher Post CH Ltd Information Technology Webergutstrasse 12 CH-3030 Berne (Zollikofen) Contact Post CH Ltd Information Technology Webergutstrasse
More informationConfiguring Secure Shell (SSH)
Finding Feature Information, on page 1 Prerequisites for Configuring Secure Shell, on page 1 Restrictions for Configuring Secure Shell, on page 2 Information About Configuring Secure Shell, on page 2 How
More informationTable of Contents X Configuration 1-1
Table of Contents 1 802.1X Configuration 1-1 802.1X Overview 1-1 Architecture of 802.1X 1-1 Authentication Modes of 802.1X 1-2 Basic Concepts of 802.1X 1-2 EAP over LAN 1-3 EAP over RADIUS 1-5 802.1X Authentication
More informationH3C SecBlade NetStream Card Configuration Examples
H3C SecBlade NetStream Card Configuration Examples Copyright 2012 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any
More informationConfiguring Secure Shell (SSH)
Finding Feature Information, page 1 Prerequisites for Configuring Secure Shell, page 1 Restrictions for Configuring Secure Shell, page 2 Information about SSH, page 2 How to Configure SSH, page 5 Monitoring
More informationUsing Cisco IOS XE Software
This chapter describes the basics of using the Cisco IOS XE software and includes the following section: Accessing the CLI Using a Router Console, on page 1 Accessing the CLI Using a Router Console Before
More informationConfiguring the Management Interface and Security
CHAPTER 5 Configuring the Management Interface and Security Revised: February 15, 2011, Introduction This module describes how to configure the physical management interfaces (ports) as well as the various
More informationEnable SSH Access on the Tenable Virtual Appliance (4.4.x-4.7.x) Last Revised: February 27, 2018
Enable SSH Access on the Tenable Virtual Appliance (4.4.x-4.7.x) Last Revised: February 27, 2018 Table of Contents Introduction 3 Requirements 4 Terminology 5 Generate the Key File 6 Generate a Key for
More informationInstalling the WinSCP Secure FTP Client
Draft 0.9 Page 1 of 6 Installing the WinSCP Secure FTP Client This document will instruct you to install the WinSCP application that will provide Secure FTP (SFTP) access to your website folder. So why
More informationSecure Shell Commands
Secure Shell Commands This module describes the Cisco IOS XR software commands used to configure Secure Shell (SSH). For detailed information about SSH concepts, configuration tasks, and examples, see
More informationAdministration of Cisco WLC
HTTP/HTTPS, SSH/Telnet to Cisco WLC, page 1 HTTP/HTTPS, SSH/Telnet to Cisco WLC Using the Controller GUI A browser-based GUI is built into each controller. It allows up to five users to simultaneously
More informationConfiguring Authentication Proxy
Configuring Authentication Proxy Last Updated: January 18, 2012 The Cisco IOS Firewall Authentication Proxy feature provides dynamic, per-user authentication and authorization, authenticating users against
More informationOperation Manual AAA RADIUS HWTACACS H3C S5500-EI Series Ethernet Switches. Table of Contents
Table of Contents Table of Contents... 1-1 1.1 AAA/RADIUS/HWTACACS Over... 1-1 1.1.1 Introduction to AAA... 1-1 1.1.2 Introduction to RADIUS... 1-3 1.1.3 Introduction to HWTACACS... 1-9 1.1.4 Protocols
More informationControlled/uncontrolled port and port authorization status
Contents 802.1X fundamentals 1 802.1X architecture 1 Controlled/uncontrolled port and port authorization status 1 802.1X-related protocols 2 Packet formats 2 EAP over RADIUS 4 Initiating 802.1X authentication
More informationTable of Contents 1 Basic Configuration Commands 1-1
Table of Contents 1 Basic Configuration Commands 1-1 Basic Configuration Commands 1-1 clock datetime 1-1 clock summer-time one-off 1-1 clock summer-time repeating 1-2 clock timezone 1-4 command-privilege
More informationOperation Manual System Management. Table of Contents
Table of Contents Table of Contents Chapter 1 File System Management... 1-1 1.1 File System Configuration... 1-1 1.1.1 File System Overview... 1-1 1.1.2 Directory... 1-1 1.1.3 File... 1-2 1.1.4 Storage
More informationip source-track through ivrf
ip source-track through ivrf ip source-track, page 5 ip source-track address-limit, page 7 ip source-track export-interval, page 9 ip source-track syslog-interval, page 11 ip ssh, page 13 ip ssh break-string,
More informationCCNA Security PT Practice SBA
A few things to keep in mind while completing this activity: 1. Do not use the browser Back button or close or reload any Exam windows during the exam. 2. Do not close Packet Tracer when you are done.
More informationRestrictions for Secure Copy Performance Improvement
The Protocol (SCP) feature provides a secure and authenticated method for copying router configuration or router image files. SCP relies on Secure Shell (SSH), an application and a protocol that provide
More informationHP High-End Firewalls
HP High-End Firewalls Getting Started Guide Part number: 5998-2646 Software version: F1000-A-EI&F1000-S-EI: R3721 F5000: F3210 F1000-E: F3171 Firewall module: F3171 Document version: 6PW101-20120719 Legal
More informationConfiguring Local Authentication
This chapter describes local authentication. This chapter also describes procedures to configure local authentication and privilege levels. This chapter includes the following topics: Understanding Authentication,
More informationConfiguring Lock-and-Key Security (Dynamic Access Lists)
Configuring Lock-and-Key Security (Dynamic Access Lists) Feature History Release Modification Cisco IOS For information about feature support in Cisco IOS software, use Cisco Feature Navigator. This chapter
More informationManaging Certificates
Loading an Externally Generated SSL Certificate, page 1 Downloading Device Certificates, page 4 Uploading Device Certificates, page 6 Downloading CA Certificates, page 8 Uploading CA Certificates, page
More informationTable of Contents. 2 MIB Style Configuration 2-1 Setting the MIB Style 2-1 Displaying and Maintaining MIB 2-1
Table of Contents 1 SNMP Configuration 1-1 SNMP Overview 1-1 SNMP Mechanism 1-1 SNMP Protocol Version 1-2 MIB Overview 1-2 SNMP Configuration 1-3 Configuring SNMP Logging 1-5 Introduction to SNMP Logging
More informationConfiguring SSL. SSL Overview CHAPTER
7 CHAPTER This topic describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section are:
More informationConfiguring TACACS+ Information About TACACS+ Send document comments to CHAPTER
4 CHAPTER This chapter describes how to configure the Terminal Access Controller Access Control System Plus (TACACS+) protocol on NX-OS devices. This chapter includes the following sections: Information
More informationAutoSecure. Finding Feature Information. Last Updated: January 18, 2012
AutoSecure Last Updated: January 18, 2012 The AutoSecure feature secures a router by using a single CLI command to disable common IP services that can be exploited for network attacks, enable IP services
More informationCisco IOS Firewall Authentication Proxy
Cisco IOS Firewall Authentication Proxy This feature module describes the Cisco IOS Firewall Authentication Proxy feature. It includes information on the benefits of the feature, supported platforms, configuration
More informationConfiguring Secure Shell (SSH)
Finding Feature Information, page 1 Prerequisites for Configuring Secure Shell, page 1 Restrictions for Configuring Secure Shell, page 2 Information about SSH, page 3 How to Configure SSH, page 5 Monitoring
More informationConnect using Putty to a Linux Server
Connect using Putty to a Linux Server PuTTY is an open source SSH client for Windows, and allows you to securely connect to remote servers from your Windows machine. Configuration SSH Key Authentication
More informationConfiguring Authentication Proxy
The Cisco IOS Firewall Authentication Proxy feature provides dynamic, per-user authentication and authorization, authenticating users against industry standard TACACS+ and RADIUS authentication protocols.
More informationConfiguration Examples for Configuration File Management Using SNMP
Configuration Examples for Configuration File Management Using SNMP Keywords: SNMP, NMS, agent, FTP, TFTP, current configuration, configuration file for the next system startup Abstract: Net-SNMP is a
More informationProject #6: Using ssh, scp and sftp with Key-Based Authentication
Project #6: Using ssh, scp and sftp with Key-Based Authentication ssh, scp and sftp Going beyond Password Protection Creating Keys Creating Keys with a Passphrase Using Key-Based Authentication in Our
More informationLab - Examining Telnet and SSH in Wireshark
Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.1.1 255.255.255.0 N/A PC-A NIC 192.168.1.3 255.255.255.0 192.168.1.1 Part 1: Configure the Devices
More informationHP Unified Wired-WLAN Products
HP Unified Wired-WLAN Products Security Command Reference HP 830 Unified Wired-WLAN PoE+ Switch Series HP 850 Unified Wired-WLAN Appliance HP 870 Unified Wired-WLAN Appliance HP 11900/10500/7500 20G Unified
More informationConfiguring Security with Passwords, Privileges, and Logins
Configuring Security with Passwords, Privileges, and Logins Cisco IOS based networking devices provide several features that can be used to implement basic security for CLI sessions using only the operating
More informationHWTACACS Technology White Paper
S Series Switches HWTACACS Technology White Paper Issue 1.0 Date 2015-08-08 HUAWEI TECHNOLOGIES CO., LTD. 2015. All rights reserved. No part of this document may be reproduced or transmitted in any form
More informationConfiguring TACACS+ About TACACS+
This chapter describes how to configure the Terminal Access Controller Access Control System Plus (TACACS+) protocol on Cisco NX-OS devices. This chapter includes the following sections: About TACACS+,
More informationSecurity Policy Document Version 3.3. Tropos Networks
Tropos Control Element Management System Security Policy Document Version 3.3 Tropos Networks October 1 st, 2009 Copyright 2009 Tropos Networks. This document may be freely reproduced whole and intact
More informationConfiguring Secure Shell (SSH)
Finding Feature Information, page 1 Prerequisites for Configuring the Switch for Secure Shell (SSH) and Secure Copy Protocol (SCP), page 1 Restrictions for Configuring the Switch for SSH, page 2 Information
More informationConfiguration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example
Configuration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example Document ID: 113337 Contents Introduction Prerequisites Requirements Components Used Conventions Configuration
More informationNetwork Security 2. Module 4 Configure Site-to-Site VPN Using Pre-Shared Keys
1 1 Network Security 2 Module 4 Configure Site-to-Site VPN Using Pre-Shared Keys 2 Learning Objectives 4.1 Prepare a Router for Site-to-Site VPN using Pre-shared Keys 4.2 Configure a Router for IKE Using
More information