https://community.hpe.com/t5/switches-hubs-and-modems/keying-a-procurve-2626/m-p/3914710#M9991 i didn't try SFTP,but i have tested the SSH. it's work fine.<BR /><BR />aaa authentication ssh login public-key <BR />aaa authentication ssh enable public-key <BR />copy tftp pub-key-file 192.168.1.212 Identity.pub manager append <BR />show crypto client-public-key manager <BR />Manager keys:<BR />0,"Ray-Ma@rayma" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDIcwxjOLn8rAc1zNGLG0Vrvue<BR />Jg4zajMzOEVOpQ/4jJ4JjnkAPBRNZ592ItHxkLkpC3oo0M1gjmFymfymDXjhJ+O4D/Wdv8tbJW0duWPQ<BR />Xn6oBFCvVezdnwr0CayiQYuTquoW+tWO+9CuCozArk0uvO7C2czTv+qRLp31KZ1ifRQ==<BR />show authentication <BR /> Status and Counters - Authentication Information<BR /> Login Attempts : 3 <BR /> Respect Privilege : Disabled <BR /><BR /> | Login Login Enable Enable <BR /> Access Task | Primary Secondary Primary Secondary <BR /> ----------- + ---------- ---------- ---------- ----------<BR /> Console | Local None Local None <BR /> Telnet | Local None Local None <BR /> Port-Access | Local <BR /> Webui | Local None Local None <BR /> SSH | PublicKey None PublicKey None <BR /> Web-Auth | ChapRadius <BR /> MAC-Auth | ChapRadius <BR /><BR />in my circumstance, SSH, and manager can login in, If you enter the local operator password, it will be denied<BR />BTW:SecureCRT5.1 generated the Identity.pub Mon, 18 Dec 2006 21:12:15 GMT Lei.Ma 2006-12-18T21:12:15Z https://community.hpe.com/t5/switches-hubs-and-modems/keying-a-procurve-2626/m-p/3914708#M9989 Hi,<BR /><BR />I am trying to use public-key authentication to enable our backup servers to fetch the configuration of each of our switches and store them centrally.<BR /><BR />I have enabled public-key access on a test switch. If I log in directly using SSH I have operator access and can enable up to manager to obtain the configuration. This obviously isn't automated so I tried SFTP and SCP. However, my sessions hang. Looking at SFTP with -v gives:<BR />Request for subsystem 'sftp' failed on channel 0<BR />Couldn't read packet: Connection reset by peer<BR /><BR />If I turn off public-key and try logging in as an operator I get the same thing. If I log in with a manager username and password I can grab the files straight off.<BR /><BR />So my question is - is there any way to obtain the manager level of access I appear to need to retrieve the configs using public-key authentication alone?<BR /><BR />Many thanks in advance,<BR /><BR />Mike Mon, 18 Dec 2006 11:02:56 GMT https://community.hpe.com/t5/switches-hubs-and-modems/keying-a-procurve-2626/m-p/3914708#M9989 B1 2006-12-18T11:02:56Z https://community.hpe.com/t5/switches-hubs-and-modems/keying-a-procurve-2626/m-p/3914709#M9990 Without testing this myself, are you able to use "aaa authentication ssh enable public-key"? Then copy the public-key over as manager - "copy tftp pub-key-file <IP-ADDRESS> <FILENAME> manager"<BR /><BR />I'm sure I've done this successfully in the past with one of those two options, or both.</FILENAME></IP-ADDRESS> Mon, 18 Dec 2006 16:08:32 GMT https://community.hpe.com/t5/switches-hubs-and-modems/keying-a-procurve-2626/m-p/3914709#M9990 Matt Hobbs 2006-12-18T16:08:32Z https://community.hpe.com/t5/switches-hubs-and-modems/keying-a-procurve-2626/m-p/3914710#M9991 i didn't try SFTP,but i have tested the SSH. it's work fine.<BR /><BR />aaa authentication ssh login public-key <BR />aaa authentication ssh enable public-key <BR />copy tftp pub-key-file 192.168.1.212 Identity.pub manager append <BR />show crypto client-public-key manager <BR />Manager keys:<BR />0,"Ray-Ma@rayma" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDIcwxjOLn8rAc1zNGLG0Vrvue<BR />Jg4zajMzOEVOpQ/4jJ4JjnkAPBRNZ592ItHxkLkpC3oo0M1gjmFymfymDXjhJ+O4D/Wdv8tbJW0duWPQ<BR />Xn6oBFCvVezdnwr0CayiQYuTquoW+tWO+9CuCozArk0uvO7C2czTv+qRLp31KZ1ifRQ==<BR />show authentication <BR /> Status and Counters - Authentication Information<BR /> Login Attempts : 3 <BR /> Respect Privilege : Disabled <BR /><BR /> | Login Login Enable Enable <BR /> Access Task | Primary Secondary Primary Secondary <BR /> ----------- + ---------- ---------- ---------- ----------<BR /> Console | Local None Local None <BR /> Telnet | Local None Local None <BR /> Port-Access | Local <BR /> Webui | Local None Local None <BR /> SSH | PublicKey None PublicKey None <BR /> Web-Auth | ChapRadius <BR /> MAC-Auth | ChapRadius <BR /><BR />in my circumstance, SSH, and manager can login in, If you enter the local operator password, it will be denied<BR />BTW:SecureCRT5.1 generated the Identity.pub Mon, 18 Dec 2006 21:12:15 GMT https://community.hpe.com/t5/switches-hubs-and-modems/keying-a-procurve-2626/m-p/3914710#M9991 Lei.Ma 2006-12-18T21:12:15Z https://community.hpe.com/t5/switches-hubs-and-modems/keying-a-procurve-2626/m-p/3914711#M9992 I can't believe I missed this:<BR />"copy tftp pub-key-file <IP-ADDRESS> <FILENAME> manager"<BR /><BR />In my defence I've been back through the Access Security Guide and it doesn't use the full syntax. It gives:<BR />"Syntax: copy tftp pub-key-file <IP-ADDRESS> <FILENAME>"<BR /><BR />Works perfectly now. If only I'd have kept bashing that tab key ;o)<BR /><BR />Thanks to both of you for your help.</FILENAME></IP-ADDRESS></FILENAME></IP-ADDRESS> Tue, 19 Dec 2006 04:38:43 GMT https://community.hpe.com/t5/switches-hubs-and-modems/keying-a-procurve-2626/m-p/3914711#M9992 B1 2006-12-19T04:38:43Z