Configuring Username and Password Security
Saving Security Credentials in a Config File
Figure 2-5. Example of Caution Message Displayed When Executing include-credentials (or include-credentials store-in-config)
No Include-credentials store-in-config Option
The no include-credentials command disables include-credentials. Credentials
continue to be stored in the active and inactive configurations, but are not
displayed in the config file.
When no include-credentials is used with the store-in-config option,
include-credentials is disabled and the credentials stored in the config
files are removed. The switch is restored to its default state and only
stores one set of operator/manager passwords and SSH keys.
If you choose to execute the no include-credentials store-in-config command,
you are also presented with the option of setting new switch passwords, as
shown in Figure 2-6.
You are also queried about retaining the current SSH authorized keys on the
switch. If you enter “y”, the currently active authorized key files are renamed
to the pre-include-credentials names, for example:
/file/mgr_auth_keys.2 -> /file/mgr_auth_keys
/file/authorized_keys.2 -> /file/authorized_keys
All remaining authorized key files with an extension are deleted.
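An added example, not from the HP documentation: a Python dry run that applies the rename and delete rules above to a constructed file listing, so the key sets that will be lost can be reviewed before answering "y". The function name, the sample listing, and passing the active suffix as a parameter are assumptions; the page does not say what happens to a file already at a rename target, so such files are only flagged.

```python
import posixpath
import re

# File names from the page's example; ".<ext>" marks one stored credential set.
KEY_FILE = re.compile(r"^(mgr_auth_keys|authorized_keys)(?:\.([^./]+))?$")


def plan_key_file_changes(paths, active_ext):
    """Preview the 'y' answer to the SSH authorized-keys question.

    paths      -- key file paths present before the command (constructed input)
    active_ext -- extension of the currently active set, e.g. "2" (assumed known)
    Returns (renames, deletions, conflicts). conflicts lists files without an
    extension that already sit at a rename target; the page does not describe
    that case, so they are flagged for manual review.
    """
    renames, deletions, unsuffixed = [], [], set()
    for path in sorted(paths):
        directory, name = posixpath.split(path)
        match = KEY_FILE.match(name)
        if not match:
            continue  # not an authorized-keys file, out of scope
        base, ext = match.groups()
        if ext is None:
            unsuffixed.add(path)
        elif ext == active_ext:
            # Active set: renamed to its pre-include-credentials name.
            renames.append((path, posixpath.join(directory, base)))
        else:
            # Every other key file with an extension is deleted.
            deletions.append(path)
    conflicts = sorted(dst for _, dst in renames if dst in unsuffixed)
    return renames, deletions, conflicts


# Constructed listing: set 2 is active, sets 1 and 3 belong to other configs.
SAMPLE = [
    "/file/mgr_auth_keys.1", "/file/mgr_auth_keys.2", "/file/mgr_auth_keys.3",
    "/file/authorized_keys.2", "/file/authorized_keys.3", "/file/authorized_keys",
]

if __name__ == "__main__":
    renames, deletions, conflicts = plan_key_file_changes(SAMPLE, "2")
    for src, dst in renames:
        print(f"rename {src} -> {dst}")
    for path in deletions:
        print(f"delete {path}")
    for path in conflicts:
        print(f"review {path} (already exists at a rename target)")
```

Public keys that appear only in a file listed for deletion stop authorizing SSH logins once the command completes, so copy any that are still needed into the active set first.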
HP Switch(config)# include-credentials
**** CAUTION ****
You have invoked the command 'include-credentials'. This action will make changes
to the password and SSH public-key storage.
It will affect *all* stored configurations, which might need to be updated.
Those credentials will no longer be readable by older software revisions.
It also may break some of your existing user scripts. Continue?[y/n] y
Erasing configurations with ‘include-credentials’ enabled will erase stored
passwords and security credentials. The system will reboot with the factory
default configuration.
Proceed?[y/n]
When you enter ‘y’, this caution appears.