Community
Switches, Hubs, and Modems
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Keying a Procurve 2626

SOLVED
Go to solution
B1
B1
Occasional Visitor

‎12-18-2006 03:02 AM

‎12-18-2006 03:02 AM

Keying a Procurve 2626

Hi,

I am trying to use public-key authentication to enable our backup servers to fetch the configuration of each of our switches and store them centrally.

I have enabled public-key access on a test switch. If I log in directly using SSH I have operator access and can enable up to manager to obtain the configuration. This obviously isn't automated so I tried SFTP and SCP. However, my sessions hang. Looking at SFTP with -v gives:
Request for subsystem 'sftp' failed on channel 0
Couldn't read packet: Connection reset by peer

If I turn off public-key and try logging in as an operator I get the same thing. If I log in with a manager username and password I can grab the files straight off.

So my question is - is there any way to obtain the manager level of access I appear to need to retrieve the configs using public-key authentication alone?

Many thanks in advance,

Mike
0 Kudos
Reply
3 REPLIES
Matt Hobbs
Matt Hobbs
Honored Contributor

‎12-18-2006 08:08 AM

‎12-18-2006 08:08 AM

Solution

Re: Keying a Procurve 2626

Without testing this myself, are you able to use "aaa authentication ssh enable public-key"? Then copy the public-key over as manager - "copy tftp pub-key-file manager"

I'm sure I've done this successfully in the past with one of those two options, or both.
Reply
Lei.Ma
Lei.Ma
Frequent Advisor

‎12-18-2006 01:12 PM

‎12-18-2006 01:12 PM

Re: Keying a Procurve 2626

i didn't try SFTP,but i have tested the SSH. it's work fine.

aaa authentication ssh login public-key
aaa authentication ssh enable public-key
copy tftp pub-key-file 192.168.1.212 Identity.pub manager append
show crypto client-public-key manager
Manager keys:
0,"Ray-Ma@rayma" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDIcwxjOLn8rAc1zNGLG0Vrvue
Jg4zajMzOEVOpQ/4jJ4JjnkAPBRNZ592ItHxkLkpC3oo0M1gjmFymfymDXjhJ+O4D/Wdv8tbJW0duWPQ
Xn6oBFCvVezdnwr0CayiQYuTquoW+tWO+9CuCozArk0uvO7C2czTv+qRLp31KZ1ifRQ==
show authentication
Status and Counters - Authentication Information
Login Attempts : 3
Respect Privilege : Disabled

| Login Login Enable Enable
Access Task | Primary Secondary Primary Secondary
----------- + ---------- ---------- ---------- ----------
Console | Local None Local None
Telnet | Local None Local None
Port-Access | Local
Webui | Local None Local None
SSH | PublicKey None PublicKey None
Web-Auth | ChapRadius
MAC-Auth | ChapRadius

in my circumstance, SSH, and manager can login in, If you enter the local operator password, it will be denied
BTW:SecureCRT5.1 generated the Identity.pub
Reply
B1
B1
Occasional Visitor

‎12-18-2006 08:38 PM

‎12-18-2006 08:38 PM

Re: Keying a Procurve 2626

I can't believe I missed this:
"copy tftp pub-key-file manager"

In my defence I've been back through the Access Security Guide and it doesn't use the full syntax. It gives:
"Syntax: copy tftp pub-key-file "

Works perfectly now. If only I'd have kept bashing that tab key ;o)

Thanks to both of you for your help.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.