October 10, 2003, 10:13 am
I have 3 switches stacked together (HP 41xx and 25xx). When I log onto
the 41xx (commander) over SSH3 and then go to the 25xx (member) how
secure is the line to the member? I understood that the secure line
goes from my client to the IP of the commander switch, but what
happens when the commander links to the member switch?
Any hints would be very helpful, thanks in advance.
- Michael Zawrotny
October 10, 2003, 12:40 pm
Re: SSH3 stacking switches
This is kind of off-topic since it's a question about the channel
between the switches, rather than the ssh login to the stack
commander, but here goes anyway.
On the 25xx switches I have, when I login to the master, then to one
of the members and then exit from the member, the master displays a
message "TELNET - MANAGER MODE". That would seem to imply that the
switches are using telnet between them. The "Management and
Configuration Guide" from HP also says (p. 9-45 on my copy) that to
use the CLI to access a member switch from the commander, type "telnet
It's using plain old telnet, which is vulnerable to sniffing (it is
doubtful that the switch supports the START_TLS option). There are some
mitigating factors in this scenario. The switches have to be in the
same broadcast domain, and the MAC addresses of the member and
commander are used to set up the stack in the first place. That might
make hijacking more difficult, but I wouldn't necessarily count on it.
Sniffing should still be possible.
I wouldn't use the stack management mode for anything I considered
particularly sensitive. If possible, I would give each switch its
own IP and ssh directly to it or walk over with a laptop and serial
cable to do sensitive operations.
Institute of Molecular Biophysics
Florida State University | email: email@example.com
Tallahassee, FL 32306-4380 | phone: (850) 644-0069
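An added example, not part of the posts above or of HP's documentation: a small audit of a Telnet session captured on your own management VLAN, which reports whether either protective option (START_TLS, option 46, or ENCRYPT, option 38, per the IANA Telnet Options registry) was agreed by both ends and what payload remains readable once the option negotiation is stripped. The function names and the sample bytes are constructed for illustration.

```python
# Telnet command bytes (RFC 854).
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
# Options that would protect the session (IANA Telnet Options registry).
PROTECTIVE = {38: "ENCRYPT", 46: "START_TLS"}

def split_stream(data: bytes):
    """Return (negotiations, payload) for one direction of a Telnet stream."""
    negotiations, payload = set(), bytearray()
    i = 0
    while i < len(data):
        if data[i] != IAC:
            payload.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):
            break                          # truncated capture
        cmd = data[i + 1]
        if cmd == IAC:                     # escaped literal 0xFF data byte
            payload.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):
            if i + 2 >= len(data):
                break
            negotiations.add((cmd, data[i + 2]))
            i += 3
        elif cmd == SB:                    # skip subnegotiation up to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break
            i = end + 2
        else:
            i += 2                         # two-byte command such as NOP
    return negotiations, bytes(payload)

def audit_session(client_to_server: bytes, server_to_client: bytes) -> dict:
    """An option counts as agreed only if one end sent WILL and the other DO."""
    c_neg, c_payload = split_stream(client_to_server)
    s_neg, s_payload = split_stream(server_to_client)
    agreed = sorted(
        name for opt, name in PROTECTIVE.items()
        if ((WILL, opt) in c_neg and (DO, opt) in s_neg)
        or ((WILL, opt) in s_neg and (DO, opt) in c_neg))
    return {"protection_agreed": agreed,
            "cleartext": not agreed and bool(c_payload or s_payload),
            "client_payload": c_payload, "server_payload": s_payload}

# Constructed sample: the client offers START_TLS, the server refuses it.
SAMPLE_C2S = bytes([IAC, WILL, 24, IAC, WILL, 46]) + b"constructed-password\r\n"
SAMPLE_S2C = bytes([IAC, DO, 24, IAC, DONT, 46]) + b"Password: "
```

Running `audit_session(SAMPLE_C2S, SAMPLE_S2C)` reports no agreed protection and returns the typed line intact, which is what anyone on the same broadcast domain would see.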