308
Configuration guidelines
• To support SSH clients that use different types of key pairs, generate DSA, RSA, and ECDSA key
pairs on the SSH server.
• When an SSH user logs in to the switch, RSA key pairs can be automatically generated if no local
DSA, RSA, or ECDSA key pairs are configured on the switch.
• The public-key local create rsa command generates a server RSA key pair and a host RSA key pair.
Each of the key pairs consists of a public key and a private key. The public key in the server key pair
of the SSH server is used in SSH1 to encrypt the session key for secure transmission of the key. As
SSH2.0 uses the DH algorithm to generate the session key on the SSH server and client, no session
key transmission is required in SSH2.0 and the server key pair is not used.
• The public-key local create dsa command generates only one DSA host key pair. SSH1 does not
support the DSA algorithm.
• The public-key local create ecdsa command generates only one ECDSA host key pair.
Configuration procedure
To generate local key pairs on the SSH server:
Ste
Command
Remarks
1. Enter system view. system-view N/A
2. Generate local key pairs.
• In non-FIPS mode:
public-key local create { dsa |
ecdsa { secp192r1 |
secp256r1 } | rsa }
• In FIPS mode:
public-key local create { dsa |
ecdsa secp256r1 | rsa }
By default, no local key pairs exist.
Enabling the SSH server function
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the SSH server
function.
ssh server enable Disabled by default
NOTE:
hen the device acts as an SCP server, only one SCP user is allowed to access to the SCP server at one
time.
Configuring the user interfaces for SSH clients
An SSH client accesses the switch through a VTY user interface. You must configure the user interfaces for
SSH clients to allow SSH login. The configuration takes effect only for clients that log in after the
configuration.
To Next Page
Loading...
Need help?
General