EasyManuals Logo

HP 5920 Series Configuration Guide

HP 5920 Series
424 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #283 background imageLoading...
Page #283 background image
272
Configuring the device as an SSH server
SSH server configuration task list
Tasks at a
g
lance
Remarks
(Optional.) Generating local key pairs
N/A
(Required.) Enabling the SSH server function Required for Stelnet and SCP servers.
(Required.) Enabling the SFTP server function Required for SFTP servers.
(Required.) Configuring NETCONF over SSH Required for NETCONF-over-SSH servers.
(Required.) Configuring the user lines for SSH login
Required for Stelnet and NETCONF-over-SSH
servers.
(Required.) Configuring a client's host public key
Required if the authentication method is publickey,
password-publickey, or any.
Configuring the PKI domain for verifying the client
certificate
See "Configuring PKI."
Required if pu
blickey authentication is configured
for users and if the clients send the public keys to
the server through digital certificates for validity
check.
The PKI domain must have the CA certificate to
verify the client certificate.
(Required/optional.) Configuring an SSH user
Required if the authentication method is publickey,
password-publickey, or any.
Optional if the authentication method is password.
(Optional.) Setting the SSH management parameters N/A
Generating local key pairs
The DSA, RSA, or ECDSA key pairs are required for generating the session key and session ID in the key
exchange stage. They can also be used by a client to authenticate the server. When a client tries to
authenticate the server, it compares the public key that it receives from the server with the server public
key that it saved locally. If the keys are consistent, the client uses the locally saved server's public key to
decrypt the digital signature received from the server. If the decryption succeeds, the server passes the
authentication.
Configuration restrictions and guidelines
When you generate local key pairs, follow these restrictions and guidelines:
• To support SSH clients that use different types of key pairs, generate DSA, RSA, and ECDSA key
pairs on the SSH server.
• SSH supports ECDSA key pairs in Release 2311P04 and later versions.
• The SSH server operating in FIPS mode supports only RSA and ECDSA key pairs. Do not generate
the local DSA key pair when the device operates as an SSH server in FIPS mode.
• SSH supports locally generated DSA, RSA, and ECDSA key pairs only with default names. For more
information about the commands that are used to generate keys, see Security Command Reference.

Table of Contents

Other manuals for HP 5920 Series

Preview: Command Reference
Command Reference607 pages
Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide215 pages
Preview: Installation Guide
Installation Guide63 pages
Preview: Troubleshooting Guide
Troubleshooting Guide52 pages
Preview: Fc And Fcoe Configuration Guide
Fc And Fcoe Configuration Guide257 pages
Preview: Compliance And Safety Manual
Compliance And Safety Manual58 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP 5920 Series and is the answer not in the manual?

HP 5920 Series Specifications

General IconGeneral
BrandHP
Model5920 Series
CategorySwitch
LanguageEnglish

Related product manuals