SSH connection across VPNs
With this function, you can configure the switch as an SSH client to establish connections with SSH
servers in different MPLS VPNs.
As shown in Figure 101, the hosts in VPN 1 and VPN 2 access the MPLS backbone through PEs, with the
services of the two VPNs isolated. After the SSH client function is enabled on a PE, the PE can establish SSH
connections with CEs in different VPNs that are enabled with the SSH server function, which provides secure
access to the CEs and secure transfer of log files.
Figure 101 Network diagram
Configuring the switch as an SSH server
SSH server configuration task list
Complete the following tasks to configure an SSH server:
Task                                             Remarks
Generating a DSA or RSA key pair                 Required
Enabling the SSH server function                 Required
Configuring the user interfaces for SSH clients  Required
Configuring a client public key                  Required for publickey authentication users and optional for password authentication users
Configuring an SSH user                          Optional
Setting the SSH management parameters            Optional
Generating a DSA or RSA key pair
In the key and algorithm negotiation stage, the DSA or RSA key pair is required to generate the session
key and session ID and for the client to authenticate the server.
Follow these steps to generate a DSA or RSA key pair on the SSH server:
To do…             Use the command…  Remarks
Enter system view  system-view       —