
Secure Access

Secure access to switches is vital to make sure that your communication with the switch isn't eavesdropped on. This guide shows you how to enable secure access over HTTPS and SSH and remove any insecure remote access methods on Comware v5.


By default, there is no remote access authentication, so you must configure this if you want to be able to remotely manage your Comware switches.


First, create a local user
system-view
 local-user admin
  password simple PASSWORD
  authorization-attribute level 3
  service-type web terminal
  service-type ssh

Then create a local RSA key

public-key local create rsa
1024

Note that I set the bit size to 1024; you can set this higher if you like.

Then configure the VTY access

user-interface vty 0 15
 authentication-mode scheme
 user privilege level 3
 protocol inbound ssh

Don't forget to enable SSH!

ssh server enable

Telnet should be disabled by default, but in case you need it, this is the command to disable telnet on Comware

undo telnet server enable

I also recommend you enable password access on the aux (console)

user-interface aux 0
 authentication-mode scheme 
 user privilege level 3


If you want to make things more secure, then make sure you disable HTTP and enable HTTPS access on the Comware switch

undo ip http enable
ip https enable
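
One way to check a switch against the settings above, as an added example that is not part of the original page: a Python script that audits a saved `display current-configuration` dump. The dump layout, the sample and the function names are assumptions, and the `password simple` check goes beyond the page's steps by flagging that such a line leaves the password readable in the configuration.

```python
# Added example, not from the original page. Assumed dump layout: '#' separates
# sections, view headers start at column 0, global and view commands are indented.

def parse(text):
    """Return (global_commands, {view_header: [sub-commands]})."""
    global_cmds, views, current = set(), {}, None
    for line in filter(str.strip, text.splitlines()):
        if line.strip() == "#":
            current = None                       # section separator
        elif not line[0].isspace():
            current = line.strip()               # view header, e.g. user-interface vty 0 15
            views.setdefault(current, [])
        elif current is None:
            global_cmds.add(line.strip())        # indented line outside any view
        else:
            views[current].append(line.strip())  # command inside the current view
    return global_cmds, views

def audit(text):
    """Return sorted findings; a service counts as on only if its enable line is present."""
    global_cmds, views = parse(text)
    found = []
    if "ssh server enable" not in global_cmds:
        found.append("ssh server not enabled")
    for cmd in ("telnet server enable", "ip http enable"):
        if cmd in global_cmds:
            found.append(f"insecure service: {cmd}")
    for header, cmds in views.items():
        if header.startswith("user-interface") and "authentication-mode scheme" not in cmds:
            found.append(f"{header}: no authentication-mode scheme")
        if header.startswith("user-interface vty") and "protocol inbound ssh" not in cmds:
            found.append(f"{header}: inbound protocol not limited to ssh")
        if header.startswith("local-user") and any(c.startswith("password simple") for c in cmds):
            found.append(f"{header}: password readable in the configuration")
    return sorted(found)

# Constructed sample: a switch still carrying insecure access settings.
SAMPLE = """\
#
 telnet server enable
 ip http enable
#
local-user admin
 password simple PASSWORD
#
user-interface aux 0
user-interface vty 0 15
 authentication-mode password
"""
```

Settings left at their default do not appear in the dump, so confirm on your platform whether HTTP is on by default before relying on the absence of `ip http enable`.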

For further reading, I recommend you read the 'HP Guide to hardening Comware devices.'


http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c03536920


And check my other page for applying ACLs to your Comware 5 devices

Hardening Comware 5 Devices