SSH3 stacking switches


I have 3 switches stacked together (HP 41xx and 25xx). When I log onto
the 41xx (commander) over SSH3 and then go to the 25xx (member), how
secure is the line to the member? I understood that the secure line
goes from my client to the IP of the commander switch, but what
happens when the commander links to the member switch?
Any hints would be very helpful. Thanks in advance.

Re: SSH3 stacking switches


This is kind of off-topic since it's a question about the channel
between the switches, rather than the ssh login to the stack
commander, but here goes anyway.

On the 25xx switches I have, when I log in to the master, then to one
of the members and then exit from the member, the master displays a
message "TELNET - MANAGER MODE".  That would seem to imply that the
switches are using telnet between them.  The "Management and
Configuration Guide" from HP also says (p. 9-45 on my copy) that to
use the CLI to access a member switch from the commander, type "telnet

It's using plain old telnet, which is vulnerable to sniffing (it is
doubtful that the switch supports START_TLS option).  There are some
mitigating factors in this scenario.  The switches have to be in the
same broadcast domain, and the MAC addresses of the member and
commander are used to set up the stack in the first place.  That might
make hijacking more difficult, but I wouldn't necessarily count on it.
Sniffing should still be possible.

I wouldn't use the stack management mode for anything I considered
particularly sensitive.  If possible, I would give each switch its
own IP and ssh directly to it or walk over with a laptop and serial
cable to do sensitive operations.


Michael Zawrotny
Institute of Molecular Biophysics
Florida State University                | email:
Tallahassee, FL 32306-4380              | phone:  (850) 644-0069
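
An added example, not part of the thread or of HP's documentation: a small auditor for checking, on your own capture of a commander-to-member session, whether START_TLS was ever agreed and how much of the stream is readable as-is. It assumes the two TCP directions have already been reassembled into byte strings; the function names and the sample bytes are constructed for illustration.

```python
# Added example, not from the thread. All captured bytes below are constructed.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
START_TLS = 46  # IANA-assigned telnet option number

def parse_telnet(data: bytes):
    """Split one direction of a telnet stream (RFC 854 framing) into
    (negotiation commands, application data)."""
    cmds, text = [], bytearray()
    i, n = 0, len(data)
    while i < n:
        if data[i] != IAC:
            text.append(data[i])
            i += 1
            continue
        if i + 1 >= n:
            break                      # truncated command at end of capture
        cmd = data[i + 1]
        if cmd == IAC:                 # escaped literal 0xFF in the data
            text.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):
            if i + 2 >= n:
                break
            cmds.append((cmd, data[i + 2]))
            i += 3
        elif cmd == SB:                # skip subnegotiation up to IAC SE
            j = i + 2
            while j + 1 < n and not (data[j] == IAC and data[j + 1] == SE):
                j += 2 if data[j] == IAC else 1
            i = j + 2
        else:
            i += 2                     # other two-byte commands (NOP, GA, ...)
    return cmds, bytes(text)

def audit_session(to_member: bytes, from_member: bytes) -> dict:
    """Report whether START_TLS was agreed and what is readable on the wire."""
    c_cmds, c_text = parse_telnet(to_member)
    m_cmds, m_text = parse_telnet(from_member)
    agreed = (((WILL, START_TLS) in c_cmds and (DO, START_TLS) in m_cmds) or
              ((DO, START_TLS) in c_cmds and (WILL, START_TLS) in m_cmds))
    return {"start_tls": agreed,
            "readable_to_member": c_text.decode("latin-1"),
            "readable_from_member": m_text.decode("latin-1")}

# Constructed capture: one side offers START_TLS, the member refuses it.
TO_MEMBER = bytes([IAC, WILL, START_TLS, IAC, DO, 3]) + b"EXAMPLE-PASSWORD\r\nshow config\r\n"
FROM_MEMBER = bytes([IAC, DONT, START_TLS, IAC, WILL, 3]) + b"Password: "
```

With the constructed capture, `audit_session(TO_MEMBER, FROM_MEMBER)` reports `start_tls` as false and returns the typed password and commands unchanged, which is the exposure the reply describes.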
