Copying Client Key Files - HP 3500yl Series Access Security Manual

During "public-key" authentication, the client must use its private key to
■
authenticate itself to the server. There can be only one key pair on the
switch for the manager.
■ The private key should be passphrase protected for highest security; the
user is prompted to enter the passphrase.
The private key can be configured by copying it to the SSH client switch
■
(using the copy command).
■ If the public-key authentication fails or the client has not been configured
with a key pair, the "password" method of authentication is used and the
user is prompted for a password.
■ Successful TACACS or RADIUS logins will give the user either operator
or manager privileges. This is important if there are chained SSH sessions.

Copying Client Key Files

Only one ssh client key for authenticating the manager is allowed on a switch.
The copy command allows you to copy the client key files using sftp, tftp, and
usb or xmodem, allowing encryption and authentication through SSH. There is
no way to generate the private key on the switch; it must be copied onto the
switch.
To load the client's private key onto the switch, use one of these commands.
Syntax: copy sftp ssh-client-key [user <username> | <username@>] <hostname
| IPv4 | IPv6> <private-key-filename> [port <tcp-port-num>]
copy tftp ssh-client-key< hostname | IPv4 | IPv6> <private-key-filename>
copy usb ssh-client-key <private-key-filename>
copy xmodem ssh-client-key
Copies the client key file <private-key-filename> onto the
switch.
ssh-client-key: The client key file being copied to the
switch. The file must contain an RSA or DSA key.
[user <username | username@>]: Optional; there must be
configured usernames for Operator and Manager.
If no username is specified, the client's current username
is used. There will be a prompt for a password if needed.
hostname: Specifies the hostname of the SFTP or TFTP
server.
Configuring Secure Shell (SSH)
SSH Client and Secure Sessions
8-33