Configuring the SSH Server
CAUTION:
■ If you have configured a user interface to support the SSH protocol, you must
configure AAA authentication for the user interface by using the
authentication-mode scheme command to ensure successful login.
■ On a user interface, if the authentication-mode password or
authentication-mode none command has been executed, the protocol
inbound ssh command is not available. Similarly, if the protocol inbound ssh
command has been executed, the authentication-mode password and
authentication-mode none commands are not available.
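The rule in the CAUTION above, combined with the default from Table 300 (Telnet and SSH both accepted), can be checked offline against a saved configuration. The following Python script is an added example, not part of the original manual; the `user-interface vty` section layout of the sample, the function names and the finding codes are assumptions made for illustration.

```python
import re

# Constructed sample in the assumed layout of a saved configuration; not from the manual.
SAMPLE_CONFIG = """\
user-interface aux 0
user-interface vty 0
 authentication-mode scheme
 protocol inbound ssh
user-interface vty 1 2
 authentication-mode scheme
user-interface vty 3
 authentication-mode password
user-interface vty 4
 authentication-mode scheme
 protocol inbound telnet
"""

SETTING = re.compile(r"^\s+(authentication-mode|protocol inbound)\s+(\S+)\s*$")

def parse_vty_sections(config_text):
    """Map each 'user-interface vty ...' section to its auth mode and protocols."""
    sections, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("user-interface "):
            name = line[len("user-interface "):].strip()
            current = None
            if name.startswith("vty"):
                # Table 300: with no 'protocol inbound' line, Telnet and SSH are both on.
                current = sections.setdefault(name, {"auth": None, "protocol": "all"})
            continue
        match = SETTING.match(line)
        if current is not None and match:
            key = "auth" if match.group(1) == "authentication-mode" else "protocol"
            current[key] = match.group(2)
        elif not line.startswith(" "):
            current = None  # left the user-interface section
    return sections

def audit_vty(config_text):
    """Return {section: [finding codes]}; an empty list means SSH only, with AAA."""
    report = {}
    for name, cfg in parse_vty_sections(config_text).items():
        findings = []
        if cfg["protocol"] in ("all", "telnet"):
            findings.append("TELNET_ENABLED")      # cleartext management access
        if cfg["protocol"] in ("all", "ssh") and cfg["auth"] != "scheme":
            findings.append("SSH_WITHOUT_SCHEME")  # CAUTION: SSH login needs scheme
        report[name] = findings
    return report
```

Calling `audit_vty(SAMPLE_CONFIG)` returns one entry per VTY section; only `vty 0` comes back with no findings.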
Generating/Destroying an RSA or DSA Key Pair
This configuration task lets you generate or destroy a key pair. You must generate
an RSA or DSA key pair on the server for an SSH client to log in successfully. When
generating a key pair, you are prompted to enter the key length in bits, which
must be between 512 and 2048. If a key pair already exists, the system asks
whether to replace the existing key pair.
NOTE:
■ The configuration made by the command for generating a key pair survives a
reboot. You only need to configure it once.
■ Some third-party software, for example, WinSCP, requires that the modulus of a
public key be greater than or equal to 768. Therefore, a local key pair of more
than 768 bits is recommended.
Table 300 Configure the protocol(s) that a user interface supports

| Operation | Command | Description |
|---|---|---|
| Specify the supported protocol(s) | protocol inbound { all \| ssh \| telnet } | Optional. By default, both Telnet and SSH are supported. |
Table 301 Create or destroy a key pair

| Operation | Command | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Generate an RSA key pair | rsa local-key-pair create | Required. Use either command. By default, no RSA key pair is created. |
| | public-key local create rsa | |
| Destroy the RSA key pair | rsa local-key-pair destroy | Optional. Use either command to destroy the configured RSA key pair. |
| | public-key local destroy rsa | |
| Generate a DSA key pair | public-key local create dsa | Required. By default, no DSA key pair is created. |
| Destroy the DSA key pair | public-key local destroy dsa | Optional. Use the command to destroy the configured DSA key pair. |