Comware

 View Only

  • 1.  SSH configuration on HP 5900 switch Comeware 7

    Posted May 26, 2015 06:49 AM

    Hi all ,

     

    I'm trying to log in my switch using SSH .i followed every step as described in the configuration guide document but in vain.Here is my configuration :

     

    ssh server enable

     

    public-key local create rsa name ssh_key

     

    ssh user sshuser service-type stelnet authentication-type password

     

    user-interface vty 0 4

     

         authentication-mode scheme

         protocol inbound ssh

     

     

    Am i missing something ? thanks for your help.

     

    PS: TELNET works fine.


    #ssh


  • 2.  RE: SSH configuration on HP 5900 switch Comeware 7

    Posted May 26, 2015 07:39 AM

    Hello,

     

    Did you generate RSA keys ? are you getting any error while logging through SSH

     

     

    Thanks and regards

    Anurag Thottathil



  • 3.  RE: SSH configuration on HP 5900 switch Comeware 7

    Posted May 26, 2015 05:35 PM

    Hi,

     

    Yes the rsa key is generated and it's present under the  "display key-public ....... " command . No error message

     

    Thanks,



  • 4.  RE: SSH configuration on HP 5900 switch Comeware 7

    Posted May 26, 2015 05:45 PM

    Try using a local user -

    #
    local-user admin class manage
     password simple password
     service-type ssh telnet
     authorization-attribute user-role network-admin
     



  • 5.  RE: SSH configuration on HP 5900 switch Comeware 7

    Posted May 27, 2015 05:24 AM

    i configured the local user. it seems  that the switch doesn't accept ssh connection  although it's configured. No prompt to enter the ssh user credentials.

     

    Putty client returns this error message "Server unexpectedly closed network connection"



  • 6.  RE: SSH configuration on HP 5900 switch Comeware 7

    Posted May 07, 2026 02:12 PM

    Necromancing a 10 year old post.....what could go wrong.

    I've found a couple paths on this.

    First, you can override (modern) ssh behavior by modifying it like below example (add  -o HostKeyAlgorithms=+ssh-rsa):

    ssh -o HostKeyAlgorithms=+ssh-rsa admin@hostname
    Above is just a workaround. To solve this issue, continue.
    Second, once you're in the switch you can (YMMV, danger ahead) delete all SSH keys and re-create them. I had success with this:

    system-view
    public-key local destroy dsa
    public-key local destroy rsa
    public-key local destroy ecdsa

    public-key local create rsa (respond to the prompt with 4096)
    public-key local create ecdsa secp384r1

    These commands delete(destroy) all the existing weak keys if present. Then you create a new RSA key with the max size. RSA won't actually be used for SSH, but it prevents a weaker key from being auto-created by the system.

    The ecdsa key will then be created and 384p1 is the highest one (on my switch/at present) compatible between comware and openssh.

    These commands by their nature are creating keys and don't modify the current-configuration.

    -------------------------------------------



Related Content