To Next Page

To Previous Page

277

{ If a client directly sends the user's public key information to the server, you must specify the

client's public key on the server and the specified public key must already exist. For more

information about public keys, see "Configuring a client's host public key."

{ If a client sends the user's public key information to the server through a digital certificate, you

must specify the PKI domain for verifying the client certificate on the server. To make sure the

authorized SSH users can pass the authentication, the specified PKI domain must have the

correct CA certificate. For more information about configuring a PKI domain, see "Configuring

I."

• W

hen the device operates in FIPS mode as an SSH server, the device does not support the

authentication method of any or publickey.

For information about configuring local users and remote authentication, see "Configuring AAA."

Configuration procedure

To configure an SSH user, and specify the service type and authentication method:

Ste

Command Remarks

1. Enter system

view.

system-view N/A

2. Create an SSH

user, and

specify the

service type

and

authentication

method.

• In non-FIPS mode:

ssh user username service-type { all | netconf | scp

| sftp | stelnet } authentication-type { password |

{ any | password-publickey | publickey } assign

{ pki-domain domain-name | publickey keyname } }

• In FIPS mode:

ssh user username service-type { all | netconf | scp

| sftp | stelnet } authentication-type { password |

password-publickey assign { pki-domain

domain-name | publickey keyname } }

The netconf keyword is

available in Release

2311P04 and later versions.

Setting the SSH management parameters

Setting the SSH management parameters improves the security of SSH connections. The SSH

management parameters include:

To set the SSH management parameters:

Ste

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enable the SSH server to

support SSH1 clients.

ssh server compatible-ssh1x

enable

By default, the SSH server supports

SSH1 clients.

This command is not available in

FIPS mode.

3. Set the RSA server key pair

update interval.

ssh server rekey-interval hours

By default, the RSA server key pair

is not updated.

This command takes effect only on

SSH1 clients.

This command is not available in

FIPS mode.

Brand	HP
Model	5920 Series
Category	Switch
Language	English

HP 5920 Series Configuration Guide

Table of Contents

Other manuals for HP 5920 Series

Questions and Answers:

HP 5920 Series Specifications

Related product manuals