How to access enable level on a Procurve switch without hardcoding a password?

steve_eklund · ‎02-16-2017

We have a large number of ProCurve 2920 switches, and would like to automate backing up their config files to a TFTP or SFTP server. The switches are set up for ssh-only access, no telnet.

I first thought I could use PuTTY, psftp, and the Pageant ssh key management program to do this, but I have run into a problem: Manager (enable) level on these switches cannot be accessed using a public key. We really don't want to have to configure RADIUS just for these switches, and I recoil at the idea of hard-coding a cleartext password into a script.

Does anyone have an alternative? We are a Windows shop, so RANCID is not really an option.

Steve Eklund
K-12 IT support staffer

KSHKND · ‎02-17-2017

Hi,

You try the below command and let me know if it helps.

HPE(config)#aaa authentication login privilege-mode

Vince-Whirlwind · ‎02-20-2017

Windows now gives you a free Radius server, so it's actually quite easy to setup, and definitely makes your security look a lot more professional.

Michael Patmon · ‎02-23-2017

You should be able to authenticate via public key. I assume you've copied the key to the switch? You'll also need to configure SSH for public key auth:

(config)# aaa authentication ssh enable public-key none
(config)# aaa authentication ssh login public-key none

The switch log should also tell you how the session was authenticated:

I 02/23/17 14:30:09 03344 ssh: User mpatmon : SSH session established with
public-key authentication

How to access enable level on a Procurve switch without hardcoding a password?

How to access enable level on a Procurve switch without hardcoding a password?

Re: How to access enable level on a Procurve switch without hardcoding a password?

Re: How to access enable level on a Procurve switch without hardcoding a password?

Re: How to access enable level on a Procurve switch without hardcoding a password?

Hewlett Packard Enterprise International