connections with CEs in different VPNs that are enabled with the SSH server function to implement secure
access to the CEs and secure transfer of log files.
Figure 89 Network diagram
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see "Configuring FIPS") and non-FIPS mode.
Configuring the switch as an SSH server
SSH server configuration task list
Task                                                        Remarks
Generating local key pairs                                  Optional
Enabling the SSH server function                            Required
Configuring the user interfaces for SSH clients             Required
Configuring a client's host public key                      Required for publickey authentication users and optional for password authentication users
Configuring an SSH user                                     Optional
Setting the SSH management parameters                       Optional
Setting the DSCP value for packets sent by the SSH server   Optional
Generating local key pairs
In the key and algorithm negotiation stage, the DSA, RSA, or ECDSA key pairs are used to generate the
session key and session ID. They can also be used by a client to authenticate the server.
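The following added example (not taken from this guide or from the device software) shows the client side of "authenticate the server": the client reads the key type from the public key blob the server presents and compares its fingerprint with one recorded out of band. The key blobs are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

# Key-format names (RFC 4253 / RFC 5656) for the key types named above.
KNOWN_TYPES = {"ssh-dss": "DSA", "ssh-rsa": "RSA"}


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def key_type(blob: bytes) -> str:
    """Read the algorithm name stored in the first field of a public key blob."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length field")
    name = blob[4:4 + n].decode("ascii")
    if name.startswith("ecdsa-sha2-"):
        return "ECDSA"
    if name not in KNOWN_TYPES:
        raise ValueError("unexpected key type: " + name)
    return KNOWN_TYPES[name]


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def server_key_ok(presented_blob: bytes, pinned_fp: str) -> bool:
    """True only if the key the server presents matches the pinned fingerprint."""
    key_type(presented_blob)  # reject malformed or unexpected key formats first
    return hmac.compare_digest(fingerprint(presented_blob), pinned_fp)


# Constructed sample blobs (not real keys): name field, then placeholder key fields.
SWITCH_KEY = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xab" * 128)
OTHER_KEY = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xcd" * 128)
PINNED = fingerprint(SWITCH_KEY)  # assumed to be recorded when the key pair was generated

if __name__ == "__main__":
    print(key_type(SWITCH_KEY), PINNED)
    print("same key:", server_key_ok(SWITCH_KEY, PINNED))
    print("different key:", server_key_ok(OTHER_KEY, PINNED))
```

A mismatch after the server's local key pair is regenerated is expected; the pinned fingerprint then has to be updated through a trusted channel rather than accepted from the connection itself.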