HPE Community
Comware Based
1823986 Members
4050 Online
109667 Solutions
New Discussion

5130 EI SSH access

 
Rafterman550
New Member

‎01-28-2020 02:28 AM

‎01-28-2020 02:28 AM

5130 EI SSH access

Good morning All u

I have been follwoing the guide here:

https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=7399420&docLocale=en_US&docId=emr_na-c05028842

For setting up SSH: 

Firstly i should mention the switch is connected to the network (has ip) vlans correctly tagged etc and end users are fine. 

The issue is i get from logs are:

F5ES01 SSHS/6/SSHS_AUTH_PWD_FAIL: Authentication failed for user admin from 172.16.54.179 port 56820 because of invalid username or wrong password.

This is my configuration i believe i has configured a local user correctly following guide above but wondered if someone with more knowledge at HP could assist to see if they can pinpoint where i have obviously gone wrong. 

scheduler logfile size 16
#
line class aux
user-role network-admin
#
line class vty
user-role network-admin
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 63
user-role network-admin
#
ip route-static 0.0.0.0 0 192.168.71.1
#
snmp-agent
snmp-agent local-engineid 800063A28040B93C8B724700000001
snmp-agent community read snmprwtest!
snmp-agent sys-info version v2c v3
snmp-agent group v3 itg-snmp privacy
#
ssh server enable
ssh user admin service-type stelnet authentication-type password
#
domain system
authentication login local
authorization login local
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$BrYtpk4LmDvXSXdi$pUlpLHDCKZVIfw8PAwwssZH2W9zB0jbvX73qs23i3k523dlfT8gcCIc6uiBNwUOLjC1AOah8ml7v+zg6viS4vA==
authorization-attribute user-role network-operator

I believe it might be to do with the roles being added and or the domain system configured. I did try to "undo" but the switch states you cannot remove the domain system.

I should advise i am just trying to setup a simple SSH password authentication not 

RBAC 

Any assistance anyone could provide would be much apprciated 

 

Kind regards

 

 

0 Kudos
2 REPLIES 2
HP-Browniee
Respected Contributor

‎01-28-2020 03:43 PM

‎01-28-2020 03:43 PM

Re: 5130 EI SSH access

Hello

Try should give that user the role network-admin.

And i don't know how you configured your password, but you should configure it like this:

password simple <your password>

It will hash it automatically after.

 

 

0 Kudos
VoIP-Buddy
HPE Pro

‎02-10-2020 12:14 PM

‎02-10-2020 12:14 PM

Re: 5130 EI SSH access

Rafterman,

You did not include service-type in the local-user settings.  You need to add at least ssh as a supported protocol.

I would set the ssh user to be service-type ssh and not stelnet.

Lastly, if you expect to be able to manage the switch as user admin, you also need to add the user-role of network-administrator to it.

If other people need access to the switch to monitor it, for example, you can create separate accounts for them with the appropriate permission level.  You would have to ass the ssh user command for each additional account.

The other thing to check, as HP-Browniee said, is to reset the password using password simple to ensure that the password is correct.

Regards,

David

I work for HPE in Aruba Technical Support
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.