How to access enable level on a Procurve switch without hardcoding a password?

steve_eklund
Occasional Collector

We have a large number of ProCurve 2920 switches, and would like to automate backing up their config files to a TFTP or SFTP server. The switches are set up for ssh-only access, no telnet.

I first thought I could use PuTTY, psftp, and the Pageant ssh key management program to do this, but I have run into a problem: Manager (enable) level on these switches cannot be accessed using a public key. We really don't want to have to configure RADIUS just for these switches, and I recoil at the idea of hard-coding a cleartext password into a script.

Does anyone have an alternative? We are a Windows shop, so RANCID is not really an option.

Steve Eklund
K-12 IT support staffer
3 REPLIES
KSHKND
Advisor

Re: How to access enable level on a Procurve switch without hardcoding a password?

Hi, 

Try the command below and let me know if it helps.

HPE(config)#aaa authentication login privilege-mode

Vince-Whirlwind
Honored Contributor

Re: How to access enable level on a Procurve switch without hardcoding a password?

Windows now gives you a free RADIUS server, so it's actually quite easy to set up, and definitely makes your security look a lot more professional.

Michael Patmon
Trusted Contributor

Re: How to access enable level on a Procurve switch without hardcoding a password?

You should be able to authenticate via public key.  I assume you've copied the key to the switch?  You'll also need to configure SSH for public key auth:

(config)# aaa authentication ssh enable public-key none
(config)# aaa authentication ssh login public-key none

The switch log should also tell you how the session was authenticated:

I 02/23/17 14:30:09 03344 ssh: User mpatmon : SSH session established with
            public-key authentication
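
The log check described in the last reply, as an added example that is not part of the original thread: a short Python script that re-joins the wrapped log lines and lists every SSH session that was not established with public-key authentication. The first sample event is the line quoted above; the second event, the `backupsvc` user, and the assumption that other methods are logged in the same shape are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample. Event 1 is the line quoted in the thread; event 2 is a
# constructed variant that ASSUMES other auth methods are logged in the same shape.
SAMPLE_LOG = """\
I 02/23/17 14:30:09 03344 ssh: User mpatmon : SSH session established with
            public-key authentication
I 02/23/17 14:41:52 03344 ssh: User backupsvc : SSH session established with
            password authentication
"""

# A new event starts with: severity, date, time, 5-digit event id.
EVENT_START = re.compile(r"^[A-Z] \d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \d{5} ")
SSH_AUTH = re.compile(
    r"^[A-Z] (?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \d{5} ssh: "
    r"User (?P<user>\S+) : SSH session established with "
    r"(?P<method>\S+) authentication$"
)

def join_wrapped(text):
    """Re-join events that the switch wraps onto indented continuation lines."""
    events = []
    for line in text.splitlines():
        if EVENT_START.match(line):
            events.append(line.strip())
        elif line.strip() and events:
            events[-1] += " " + line.strip()
    return events

def ssh_sessions(text):
    """Return one dict per 'SSH session established' event in the log text."""
    sessions = []
    for event in join_wrapped(text):
        m = SSH_AUTH.match(event)
        if m:
            sessions.append({
                "time": datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S"),
                "user": m["user"],
                "method": m["method"],
            })
    return sessions

def not_public_key(text):
    """Sessions whose logged authentication method is anything but public-key."""
    return [s for s in ssh_sessions(text) if s["method"] != "public-key"]

if __name__ == "__main__":
    for s in not_public_key(SAMPLE_LOG):
        print(f'{s["time"]:%Y-%m-%d %H:%M:%S} {s["user"]} used {s["method"]}')
```

Run it against log text saved from the switch to confirm that the backup account's sessions really are using the key.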