Secure access to switches is vital to make sure that your communications with the switch aren't eavesdropped on. This guide shows you how to add secure HTTPS and SSH access and remove any insecure remote access methods for Comware v5.
By default, there is no remote access authentication, so you must configure this if you want to be able to remotely manage your Comware switches.
First, create a local user:

    system-view
    local-user admin
    password simple PASSWORD
    authorization-attribute level 3
    service-type web terminal
    service-type ssh

Then create a local RSA key:

    public-key local create rsa
    1024

Note that I set the key size to 1024 bits (entered when the switch prompts for the modulus length); you can set this higher if you like.
Then configure the VTY access:

    user-interface vty 0 15
    authentication-mode scheme
    user privilege level 3
    protocol inbound ssh

Don't forget to enable SSH!

    ssh server enable

Telnet should be disabled by default, but if you need it, this is the command to disable telnet on Comware:

    undo telnet server enable

I also recommend you enable password access on the aux (console) port:

    user-interface aux 0
    authentication-mode scheme
    user privilege level 3

If you want to make things more secure, make sure you disable HTTP and enable HTTPS access on the Comware switch:

    undo ip http enable
    ip https enable

For further reading, I recommend you read the 'HP Guide to hardening Comware devices':
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c03536920
Also check my other page on applying ACLs to your Comware 5 devices.