- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: Configuring SSH in PCM
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2010 01:24 AM
тАО07-21-2010 01:24 AM
Im using PCM 2.3 and i want to use only SSH instead of telnet, i also want the webgui to use SSH.
I have searched the forums and google but i cant seam to find anything useful, so if anyoue could make like a quick guide on how to set it up that would be great.
/Peter
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2010 01:45 AM
тАО07-21-2010 01:45 AM
Re: Configuring SSH in PCM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2010 02:23 AM
тАО07-21-2010 02:23 AM
SolutionBut you can use group CLI on PCM and configure SSH and SSL on all switches at once.
You need to select all devices in PCM on which you need to configure SSH and SSL. Click right key on mouse or choose configuration menu and select group CLI.
If you want to save configurations after this check box under command window or type wr mem at the end of commands you type.
To configure SSH you can use PCM+, but if you need to configure a lot of switches, group CLI may be more easy to use.
To configure SSL:
crypto key generate cert 1024
crypto host-cert generate self-signed 01/08/2010 12/31/2012 10.1.1.2 "company" "IT Dept" "Town" CA US
web-management ssl
no web-management plaintext
To configure SSH:
crypto key generate ssh
ip ssh
no telnet-server
Command explanation:
crypto key generate cert 1024 ---- generate key pair to SSL
crypto host-cert generate self-signed 01/08/2010 12/31/2012 10.1.1.2 "company" "IT Dept" "Town" CA US ---- it's all one string! in CLI but i will explain it step by step:
01/08/2010 --- Valid start date of certificate (check your switches time)
12/31/2011 --- Valid end date
10.1.1.2 --- Common name ├в switch IP address or domain name.
"company" --- Organization
"IT Dept" --- Organizational unit
"Town" --- City or location
CA --- State name
US --- Country code
web-management ssl --- enable SSL (HTTPS)
no web-management plaintext --- disable HTTP
SSH:
crypto key generate ssh --- generate key pair to SSH
ip ssh --- enable SSH
no telnet-server --- disable telnet
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2010 02:34 AM
тАО07-21-2010 02:34 AM
Re: Configuring SSH in PCM
/Peter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2010 03:22 AM
тАО07-21-2010 03:22 AM
Re: Configuring SSH in PCM
From Access Security Guide:
(This configuration replace two steps:
crypto key generate cert 1024
crypto host-cert generate self-signed 01/08/2010 12/31/2012 10.1.1.2 "company" "IT Dept" "Town" CA US)
But after that you will need to enable ssl and disable http:
web-management ssl
no web-management plaintext
==========
Generate a CA-Signed server host certificate with the Web browser interface:
The installation of a CA-signed certificate involves interaction with other entities and consists of three phases. The first phase is the creation of the CA certificate request, which is then copied off from the switch for submission to the certificate authority. The second phase is the actual submission process that involves having the certificate authority verify the certificate request and then digitally signing the request to generate a certificate response (the usable server host certificate). The third phase is the download phase consisting of pasting to the switch web server the certificate response, which is then validated by the switch and put into use by enabling SSL
To generate a certificate request from the web browser interface:
i. Select the Security tab, then select the [SSL] button
ii. Select the Create Certificate/Certificate Request radio button.
iii. Select Create CA Request from the Certificate Type drop-down list.
iv.
Select the key size from the RSA Key Size drop-down list. If you wish to re-use the current certificate key, select Current from the RSA Key Size drop-down list.
v.
Fill in remaining certificate arguments (Refer to ├в Comments on Certificate Fields.├в on page 9-10.)
vi. Click on [Apply Changes] to create the certificate request. A new web browser page appears, consisting of two text boxes. The switch uses the upper text box for the certificate request text. The lower text box appears empty. You will use it for pasting in the certificate reply after you receive it from the certificate authority. (This authority must return a non- PEM encoded certificate request reply.
vii. After the certificate authority processes your request and sends you a certificate reply (that is, an installable certificate), copy and paste it into the lower text box.
viii. Click on the [Apply Changes] button to install the certificate.
==========
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2010 04:05 AM
тАО07-21-2010 04:05 AM
Re: Configuring SSH in PCM
crypto key generate cert 1024
crypto host-cert generate self-signed 01/08/2010 12/31/2012 10.1.1.2 "company" "IT Dept" "Town" CA US
web-management ssl
no web-management plaintext
Should i change the line "generate self-signed" to something like "create CA request"?
/Peter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2010 04:20 AM
тАО07-21-2010 04:20 AM
Re: Configuring SSH in PCM
1. You need to do this steps from Access Security Guide (This steps you do from switch Web interface):
==========
Generate a CA-Signed server host certificate with the Web browser interface:
The installation of a CA-signed certificate involves interaction with other entities and consists of three phases. The first phase is the creation of the CA certificate request, which is then copied off from the switch for submission to the certificate authority. The second phase is the actual submission process that involves having the certificate authority verify the certificate request and then digitally signing the request to generate a certificate response (the usable server host certificate). The third phase is the download phase consisting of pasting to the switch web server the certificate response, which is then validated by the switch and put into use by enabling SSL
To generate a certificate request from the web browser interface:
i. Select the Security tab, then select the [SSL] button
ii. Select the Create Certificate/Certificate Request radio button.
iii. Select Create CA Request from the Certificate Type drop-down list.
iv.
Select the key size from the RSA Key Size drop-down list. If you wish to re-use the current certificate key, select Current from the RSA Key Size drop-down list.
v.
Fill in remaining certificate arguments (Refer to Comments on Certificate Fields. on page 9-10.)
vi. Click on [Apply Changes] to create the certificate request. A new web browser page appears, consisting of two text boxes. The switch uses the upper text box for the certificate request text. The lower text box appears empty. You will use it for pasting in the certificate reply after you receive it from the certificate authority. (This authority must return a non- PEM encoded certificate request reply.
vii. After the certificate authority processes your request and sends you a certificate reply (that is, an installable certificate), copy and paste it into the lower text box.
viii. Click on the [Apply Changes] button to install the certificate.
==========
2. You need to enable ssl and disable http:
web-management ssl
no web-management plaintext
P.S. Step 1 in this post replase this two commands in first post:
crypto key generate cert 1024
crypto host-cert generate self-signed 01/08/2010 12/31/2012 10.1.1.2 "company" "IT Dept" "Town" CA US
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2010 04:26 AM
тАО07-21-2010 04:26 AM
Re: Configuring SSH in PCM
But this means i have to do those steps in every switch? Or is there a way to do it faster?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2010 04:40 AM
тАО07-21-2010 04:40 AM
Re: Configuring SSH in PCM
I check documentation and it states that the only way to request a certificate from CA is from web interface.
Feature: Generating a Certificate Request on the switch
Default: No
Menu: n/a
CLI: n/a
WebAgent: page 9-12
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2010 05:23 AM
тАО07-21-2010 05:23 AM
Re: Configuring SSH in PCM
Trying a few thins at the moment, but if you have the time and will, you are more then welcome to help me whit this to :)