EasyManua.ls Logo

H3C S5100-SI

H3C S5100-SI
830 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
1-9
Table 1-5 Follow these steps to create key pairs:
To do... Use the command... Remarks
Enter system view
system-view
Generate an RSA
key pairs
public-key local create rsa
Generate key
pair(s)
Generate a DSA
key pair
public-key local create dsa
Required
By default, no key
pairs are generated.
z The command for generating a key pair can survive a reboot. You only need to configure it once.
z It takes more time to encrypt and decrypt data with a longer key, which, however, ensures higher
security. Therefore, specify the length of the key pair accordingly.
z Some third-party software, for example, WinSCP, requires that the modulo of a public key must be
greater than or equal to 768. Therefore, a local key pair of more than 768 bits is recommended.
Destroying key pairs
The RSA or DSA keys may be exposed, and you may want to destroy the keys and generate new ones.
Follow these steps to destroy key pairs:
To do… Use the command… Remarks
Enter system view
system-view
Destroy the RSA
key pairs
public-key local destroy rsa
Destroy key
pair(s)
Destroy the DSA
key pair
public-key local destroy dsa
Optional
Creating an SSH User and Specifying an Authentication Type
This task is to create an SSH user and specify an authentication type. Specifying an authentication type
for a new user is a must to get the user login.
An SSH user is represented as a set of user attributes on the SSH server. This set is uniquely identified
with the SSH username. When a user logs in to the SSH server from the SSH client, a username is
required so that the server can looks up the database for matching the username. If a match is found, it
authenticates the user using the authentication mode specified in the attribute set. If not, it tears down
the connection.
To prevent illegal users from logging in to the device, SSH supports the authentication modes of
password, publickey, and password-publickey.
z Password authentication
SSH uses the authentication function of AAA to authenticate the password of the user that is logging in.
Based on the AAA authentication scheme, password authentication can be done locally or remotely. For
local authentication, the SSH server saves the user information and implements the authentication. For

Table of Contents

Related product manuals