Option A: Configuring SSH access for password-only SSH authentication

When configured with this option, the switch uses its public key to authenticate itself to a client, but uses only passwords for client authentication.

NOTE:

Hewlett Packard Enterprise recommends that you always assign a manager-level (enable) password to the switch. Without this level of protection, any user with Telnet, web, or serial port access to the switch can change the switch configuration. If you configure only an operator password, entering the operator password through telnet, web, ssh or serial port access enables full manager privileges. See 1.

Procedure
  1. Configure a password method for the primary and secondary login (operator) access.

    If you do not specify an optional secondary method, it defaults to none. If the primary method is local, the secondary method must be none.

    The authorized option allows access without authentication.

    
    aaa authentication ssh login <local|tacacs|radius|[public-key>][<local|none|authorized>]
    
  2. Configures a password method for the primary and secondary enable (manager) access.

    If you do not specify an optional secondary method, it defaults to none. If the primary method is local, the secondary method must be none.

    The authorized option allows access without authentication.

    aaa authentication ssh enable <local|tacacs|radius|public-key>[<local|none|authorized>]