
Keying a Procurve 2626

SOLVED
B1
Occasional Visitor


Hi,

I am trying to use public-key authentication to enable our backup servers to fetch the configuration of each of our switches and store them centrally.

I have enabled public-key access on a test switch. If I log in directly using SSH I have operator access and can enable up to manager to obtain the configuration. This obviously isn't automated so I tried SFTP and SCP. However, my sessions hang. Looking at SFTP with -v gives:
Request for subsystem 'sftp' failed on channel 0
Couldn't read packet: Connection reset by peer

If I turn off public-key and try logging in as an operator I get the same thing. If I log in with a manager username and password I can grab the files straight off.

So my question is - is there any way to obtain the manager level of access I appear to need to retrieve the configs using public-key authentication alone?

Many thanks in advance,

Mike
3 REPLIES
Matt Hobbs
Honored Contributor
Solution

Re: Keying a Procurve 2626

Without testing this myself, are you able to use "aaa authentication ssh enable public-key"? Then copy the public-key over as manager - "copy tftp pub-key-file manager"

I'm sure I've done this successfully in the past with one of those two options, or both.
Lei.Ma
Frequent Advisor

Re: Keying a Procurve 2626

I didn't try SFTP, but I have tested SSH. It works fine.

aaa authentication ssh login public-key
aaa authentication ssh enable public-key
copy tftp pub-key-file 192.168.1.212 Identity.pub manager append
show crypto client-public-key manager
Manager keys:
0,"Ray-Ma@rayma" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDIcwxjOLn8rAc1zNGLG0Vrvue
Jg4zajMzOEVOpQ/4jJ4JjnkAPBRNZ592ItHxkLkpC3oo0M1gjmFymfymDXjhJ+O4D/Wdv8tbJW0duWPQ
Xn6oBFCvVezdnwr0CayiQYuTquoW+tWO+9CuCozArk0uvO7C2czTv+qRLp31KZ1ifRQ==
show authentication
Status and Counters - Authentication Information
Login Attempts : 3
Respect Privilege : Disabled

            | Login      Login      Enable     Enable
Access Task | Primary    Secondary  Primary    Secondary
----------- + ---------- ---------- ---------- ----------
Console     | Local      None       Local      None
Telnet      | Local      None       Local      None
Port-Access | Local
Webui       | Local      None       Local      None
SSH         | PublicKey  None       PublicKey  None
Web-Auth    | ChapRadius
MAC-Auth    | ChapRadius

In my circumstance, SSH, and manager can log in. If you enter the local operator password, it will be denied.
BTW: SecureCRT 5.1 generated the Identity.pub
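
An added example, not part of the thread or of HP's documentation: a pre-flight check a backup job could run over captured CLI output to confirm that SSH login and enable both use PublicKey and that a key is installed at manager level. The function names and the sample text are constructed for illustration, and treating both SSH columns as required is an assumption taken from the configuration in the post above.

```python
import re

# Constructed sample modelled on the output quoted in the thread; the key is a placeholder.
SAMPLE = """\
show crypto client-public-key manager
Manager keys:
0,"backup@example" ssh-rsa AAAAPLACEHOLDER
show authentication
              | Login      Login      Enable     Enable
  Access Task | Primary    Secondary  Primary    Secondary
  ----------- + ---------- ---------- ---------- ----------
  Telnet      | Local      None       Local      None
  Port-Access | Local
  SSH         | PublicKey  None       PublicKey  None
"""

COLS = ("login_primary", "login_secondary", "enable_primary", "enable_secondary")

def parse_auth_table(text):
    """Map access task -> login/enable methods; cells the switch leaves empty become None."""
    table, body = {}, False
    for line in text.splitlines():
        if re.match(r"\s*-+\s*\+", line):          # separator row: data rows follow
            body = True
        elif body and "|" in line:
            task, _, cells = line.partition("|")
            table[task.strip()] = dict(zip(COLS, (cells.split() + [None] * 4)[:4]))
    return table

def manager_key_comments(text):
    """Comments of keys under 'Manager keys:'; wrapped base64 continuation lines are skipped."""
    names = []
    for line in text.partition("Manager keys:\n")[2].splitlines():
        m = re.match(r'\d+,"([^"]*)"', line)
        if m:
            names.append(m.group(1))
        elif not line.strip() or " " in line.strip():
            break                                   # blank line or next command: listing ended
    return names

def audit(text):
    """Findings that would block key-only manager access over SSH (empty list = OK)."""
    ssh = parse_auth_table(text).get("SSH", {})
    findings = [f"SSH {c} is {ssh.get(c)}, expected PublicKey"
                for c in ("login_primary", "enable_primary") if ssh.get(c) != "PublicKey"]
    if not manager_key_comments(text):
        findings.append("no client public key installed at manager level")
    return findings
```

An empty list from `audit()` means the captured output matches the working setup described above; any finding names the row or key listing that differs.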
B1
Occasional Visitor

Re: Keying a Procurve 2626

I can't believe I missed this:
"copy tftp pub-key-file manager"

In my defence I've been back through the Access Security Guide and it doesn't use the full syntax. It gives:
"Syntax: copy tftp pub-key-file "

Works perfectly now. If only I'd have kept bashing that tab key ;o)

Thanks to both of you for your help.