HPE Community
HPE Aruba Networking & ProVision-based
1827757 Members
3022 Online
109969 Solutions
New Discussion

How to access enable level on a Procurve switch without hardcoding a password?

 
steve_eklund
Occasional Collector

‎02-16-2017 05:03 PM

‎02-16-2017 05:03 PM

How to access enable level on a Procurve switch without hardcoding a password?

We have a large number of ProCurve 2920 switches, and would like to automate backing up their config files to a TFTP or SFTP server. The switches are set up for ssh-only access, no telnet.

I first thought I could use PuTTY, psftp, and the Pageant ssh key management program to do this, but I have run into a problem: Manager (enable) level on these switches cannot be accessed using a public key. We really don't want to have to configure RADIUS just for these switches, and I recoil at the idea of hard-coding a cleartext password into a script.

Does anyone have an alternative? We are a Windows shop, so RANCID is not really an option.

Steve Eklund
K-12 IT support staffer
0 Kudos
3 REPLIES 3
KSHKND
Advisor

‎02-17-2017 08:08 AM

‎02-17-2017 08:08 AM

Re: How to access enable level on a Procurve switch without hardcoding a password?

Hi, 

You try the below command and let me know if it helps.

HPE(config)#aaa authentication login privilege-mode

0 Kudos
Vince-Whirlwind
Honored Contributor

‎02-20-2017 04:18 PM

‎02-20-2017 04:18 PM

Re: How to access enable level on a Procurve switch without hardcoding a password?

Windows now gives you a free Radius server, so it's actually quite easy to setup, and definitely makes your security look a lot more professional.

0 Kudos
Michael Patmon
Trusted Contributor

‎02-23-2017 07:11 PM

‎02-23-2017 07:11 PM

Re: How to access enable level on a Procurve switch without hardcoding a password?

You should be able to authenticate via public key.  I assume you've copied the key to the switch?  You'll also need to configure SSH for public key auth:

(config)# aaa authentication ssh enable public-key none
(config)# aaa authentication ssh login public-key none

The switch log should also tell you how the session was authenticated:

I 02/23/17 14:30:09 03344 ssh: User mpatmon : SSH session established with
            public-key authentication

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.