Secure access to switches is vital to make sure that your communications to the switch isn't eavesdropped. This guide shows you how to add secure, HTTPS, SSH and remove any insecure remote access methods for Comware v5.
By default, there is no remote access authentication, so you must configure this if you want to be able to remotely manage your Comware switches.
First, create a local user
system-view
local-user admin
password simple PASSWORD
authorization-attribute level 3
service-type web terminal
service-type ssh
Then create a local RSA key
public-key local create rsa
1024
Note I set the bit size to 1024, you can set this to higher if you like.
Then configure the VTY access
user-interface vty 0 15
authentication-mode scheme
user privilege level 3
protocol inbound ssh
Don't forget to enable SSH!
ssh server enable
Telnet should be disabled by default, but if you need the command to disable telnet on Comware
undo telnet server enable
I also recommend you enable password access on the aux (console)
user-interface aux 0
authentication-mode scheme
user privilege level 3
If you want to make things more secure, then make sure you disable HTTP and enable HTTPS access on the Comware switch
undo ip http enable
ip https enable
For further reading, I recommend you read the 'HP Guide to hardening Comware devices.'
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c03536920
And check my other page for applying ACL's to your comware 5 devices