
SSH2 with public-key on 2600 Series incorrect credentials

 
mwiche
Occasional Advisor


Hi @ all,

I started the thread with the wrong subject a short time ago, so here it is a second time.

I am trying to configure SSH2 public-key connections using PCM+ V2.2. I did every step written in the manuals and whitepapers. Currently I'm trying with a 2626 J4900B running H.10.35 FW.

sh ssh....

SSH Enabled : Yes
SSH Version : 2
TCP Port Number : 22
Timeout (sec) : 120
Server Key Size (bits) : 1024
Secure Copy Enabled : No

I also ran the copy tftp pub-key-file ... manager command.

I can see the keys that I copied to the switch, and I used the "aaa auth ssh enable public-key" command.

sh authentication:

Login Attempts : 3
Respect Privilege : Disabled

            | Login      Login      Enable     Enable
            | Primary    Secondary  Primary    Secondary
----------- + ---------- ---------- ----------
Console     | Local      None       Local      None
Telnet      | Local      None       Local      None
Port-Access | Local
Webui       | Local      None       Local      None
SSH         | PublicKey  None       PublicKey  None
Web-Auth    | ChapRadius
MAC-Auth    | ChapRadius

If I run the test communication parameters command in PCM+, I get the message "Failed: Incorrect Credentials" for Manager and Operator.

What's going wrong?? :-((
mwiche
Occasional Advisor

Re: SSH2 with public-key on 2600 Series incorrect credentials

OK, I finally solved the problem myself.

What you have to do if you want to use SSH2 public key authentication with PCM+ and 2600 Series switches (and of course some more models) is as follows:

1. In PCM+ navigate to Preferences -> Device Access -> SSH Key and click the button "Generate new key pair". Before you do this, be sure that you don't use the current key, if one exists. I think this step is optional if a key exists.

2. Connect to the switch you want to access by public key auth with manager privileges.

3. Type the following commands:
   a. copy tftp pub-key-file IP_OF_PCM+_SERVER procurveSSH2.pub manager|operator [append]
   b. ip ssh key-size 1024
   c. crypto key generate ssh rsa
   d. ip ssh
   e. aaa authentication ssh enable public-key
   f. aaa authentication ssh login public-key

4. Show the fingerprint of the host public key for copy and paste to PCM:
   sh crypto host-public-key fingerprint
   Copy the result line with the SSH2 fingerprint to the clipboard, without host_ssh2.pub at the end of the line.

5. Go back to PCM and open the "Communication Parameters in PCM" wizard. For example, using the navigation tree: Interconnect Devices -> 2600 -> right-click-on-your-device -> Device Access -> Communication Parameters in PCM. Now check "Cli Settings" and click Next. On the CLI Timeout and Retries window click Next. In the "Configure CLI Mode" window uncheck "Use PCM Defaults?" if it is not set to SSH and go Next. In the "SSH Credentials" window be sure you set "SSH Version" to SSH2 and "SSH Authentication" to Key. In the textbox labeled Key, insert your fingerprint from the clipboard. Finally, click Finish.

Now you should be able to connect to your switch with SSH2 using public key.
If I made any mistakes writing this down, please correct me by replying to this thread.
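
Added example, not part of the thread and not HP's tooling: a small Python check that parses pasted "sh ssh" and "sh authentication" output and reports whether the switch side matches steps 3d to 3f above. The sample text is constructed from the output quoted in the question, and all function and constant names are hypothetical.

```python
# Added example (not from the thread): audit pasted ProCurve CLI output.
# Sample text below is constructed from the output quoted in the question.
SHOW_IP_SSH = """\
SSH Enabled : Yes
SSH Version : 2
TCP Port Number : 22
Server Key Size (bits) : 1024
"""
SHOW_AUTHENTICATION = """\
| Login Login Enable Enable
| Primary Secondary Primary Secondary
----------- + ---------- ---------- ----------
Console | Local None Local None
Telnet | Local None Local None
Port-Access | Local
SSH | PublicKey None PublicKey None
"""
COLUMNS = ("login_primary", "login_secondary", "enable_primary", "enable_secondary")


def parse_settings(text):
    """Collect 'Name : Value' lines into a dict; table rows (with '|') are skipped."""
    pairs = (l.split(" : ", 1) for l in text.splitlines() if "|" not in l and " : " in l)
    return {k.strip(): v.strip() for k, v in pairs}


def parse_auth_table(text):
    """Map each access task to its methods; short rows are filled positionally."""
    table = {}
    for line in text.splitlines():
        task, sep, rest = line.partition("|")
        if sep and task.strip():  # header rows have an empty first cell
            table[task.strip()] = dict(zip(COLUMNS, rest.split()))
    return table


def audit(ip_ssh_text, auth_text):
    """Return findings; an empty list means the switch side matches steps 3d to 3f."""
    ssh = parse_settings(ip_ssh_text)
    row = parse_auth_table(auth_text).get("SSH", {})
    findings = []
    if ssh.get("SSH Enabled") != "Yes":
        findings.append("SSH server is not enabled")
    if ssh.get("SSH Version") != "2":
        findings.append("SSH version is not 2")
    for col in ("login_primary", "enable_primary"):
        if row.get(col) != "PublicKey":
            findings.append(f"SSH {col} is {row.get(col)}, expected PublicKey")
    return findings


if __name__ == "__main__":
    print(audit(SHOW_IP_SSH, SHOW_AUTHENTICATION) or "switch-side SSH settings OK")
```

The output quoted in the question passes this check, so it covers only the switch side; the key and fingerprint settings in PCM+ from steps 1, 4 and 5 are outside its scope.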