18 - 06 - 2024

HP 6125XLG Line (SSH/AUX etc.) authentication

I have found tricky to configure SSH on HP switches integrated in HP BladeSystem C7000 chassis.

The manuals doesnt cover are requiremnts steps so here you will find the way how to configure the SSH/CONSOLE/AUX lines.

First I've started with creating ACL to limit hosts allowed to login via SSH.

acl number 3000
 description "SSH ACL"
 rule 10 permit ip source
 rule 20 permit ip source 0

The second step is to create ECDSA key (comparing to RSA they are more efficient) 

public-key local create ecdsa secp256r1

And apply configuration for terminal  vty lines like  SSH or Telnet (defined by protocol inboud line):

line class vty
user-role network-admin
undo user-role network-operator
authentication-mode scheme
protocol inbound ssh 

And local console and aux lines:

line class aux
user-role network-admin
authentication-mode scheme

line class console
user-role network-admin
authentication-mode scheme

And define user password and access-levels:

local-user admin class manage
password simple <password>
service-type ssh terminal
undo authorization-attribute user-role level-3
authorization-attribute user-role network-admin

Enable SSH Server and disable telnet:

ssh user admin service-type all authentication-type password
ssh server enable
ssh server acl 3000
undo telnet server enable

Save config and from know you lines are requiring user and password for authentication: