HPE GreenLake Administration
- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Keying a Procurve 2626
Switches, Hubs, and Modems
1827363
Members
5634
Online
109963
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2006 03:02 AM
12-18-2006 03:02 AM
Hi,
I am trying to use public-key authentication to enable our backup servers to fetch the configuration of each of our switches and store them centrally.
I have enabled public-key access on a test switch. If I log in directly using SSH I have operator access and can enable up to manager to obtain the configuration. This obviously isn't automated so I tried SFTP and SCP. However, my sessions hang. Looking at SFTP with -v gives:
Request for subsystem 'sftp' failed on channel 0
Couldn't read packet: Connection reset by peer
If I turn off public-key and try logging in as an operator I get the same thing. If I log in with a manager username and password I can grab the files straight off.
So my question is - is there any way to obtain the manager level of access I appear to need to retrieve the configs using public-key authentication alone?
Many thanks in advance,
Mike
I am trying to use public-key authentication to enable our backup servers to fetch the configuration of each of our switches and store them centrally.
I have enabled public-key access on a test switch. If I log in directly using SSH I have operator access and can enable up to manager to obtain the configuration. This obviously isn't automated so I tried SFTP and SCP. However, my sessions hang. Looking at SFTP with -v gives:
Request for subsystem 'sftp' failed on channel 0
Couldn't read packet: Connection reset by peer
If I turn off public-key and try logging in as an operator I get the same thing. If I log in with a manager username and password I can grab the files straight off.
So my question is - is there any way to obtain the manager level of access I appear to need to retrieve the configs using public-key authentication alone?
Many thanks in advance,
Mike
Solved! Go to Solution.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2006 08:08 AM
12-18-2006 08:08 AM
Solution
Without testing this myself, are you able to use "aaa authentication ssh enable public-key"? Then copy the public-key over as manager - "copy tftp pub-key-file manager"
I'm sure I've done this successfully in the past with one of those two options, or both.
I'm sure I've done this successfully in the past with one of those two options, or both.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2006 01:12 PM
12-18-2006 01:12 PM
Re: Keying a Procurve 2626
i didn't try SFTP,but i have tested the SSH. it's work fine.
aaa authentication ssh login public-key
aaa authentication ssh enable public-key
copy tftp pub-key-file 192.168.1.212 Identity.pub manager append
show crypto client-public-key manager
Manager keys:
0,"Ray-Ma@rayma" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDIcwxjOLn8rAc1zNGLG0Vrvue
Jg4zajMzOEVOpQ/4jJ4JjnkAPBRNZ592ItHxkLkpC3oo0M1gjmFymfymDXjhJ+O4D/Wdv8tbJW0duWPQ
Xn6oBFCvVezdnwr0CayiQYuTquoW+tWO+9CuCozArk0uvO7C2czTv+qRLp31KZ1ifRQ==
show authentication
Status and Counters - Authentication Information
Login Attempts : 3
Respect Privilege : Disabled
| Login Login Enable Enable
Access Task | Primary Secondary Primary Secondary
----------- + ---------- ---------- ---------- ----------
Console | Local None Local None
Telnet | Local None Local None
Port-Access | Local
Webui | Local None Local None
SSH | PublicKey None PublicKey None
Web-Auth | ChapRadius
MAC-Auth | ChapRadius
in my circumstance, SSH, and manager can login in, If you enter the local operator password, it will be denied
BTW:SecureCRT5.1 generated the Identity.pub
aaa authentication ssh login public-key
aaa authentication ssh enable public-key
copy tftp pub-key-file 192.168.1.212 Identity.pub manager append
show crypto client-public-key manager
Manager keys:
0,"Ray-Ma@rayma" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDIcwxjOLn8rAc1zNGLG0Vrvue
Jg4zajMzOEVOpQ/4jJ4JjnkAPBRNZ592ItHxkLkpC3oo0M1gjmFymfymDXjhJ+O4D/Wdv8tbJW0duWPQ
Xn6oBFCvVezdnwr0CayiQYuTquoW+tWO+9CuCozArk0uvO7C2czTv+qRLp31KZ1ifRQ==
show authentication
Status and Counters - Authentication Information
Login Attempts : 3
Respect Privilege : Disabled
| Login Login Enable Enable
Access Task | Primary Secondary Primary Secondary
----------- + ---------- ---------- ---------- ----------
Console | Local None Local None
Telnet | Local None Local None
Port-Access | Local
Webui | Local None Local None
SSH | PublicKey None PublicKey None
Web-Auth | ChapRadius
MAC-Auth | ChapRadius
in my circumstance, SSH, and manager can login in, If you enter the local operator password, it will be denied
BTW:SecureCRT5.1 generated the Identity.pub
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2006 08:38 PM
12-18-2006 08:38 PM
Re: Keying a Procurve 2626
I can't believe I missed this:
"copy tftp pub-key-file manager"
In my defence I've been back through the Access Security Guide and it doesn't use the full syntax. It gives:
"Syntax: copy tftp pub-key-file "
Works perfectly now. If only I'd have kept bashing that tab key ;o)
Thanks to both of you for your help.
"copy tftp pub-key-file
In my defence I've been back through the Access Security Guide and it doesn't use the full syntax. It gives:
"Syntax: copy tftp pub-key-file
Works perfectly now. If only I'd have kept bashing that tab key ;o)
Thanks to both of you for your help.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Support
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP