Configuring the device as an SSH server
SSH server configuration task list
| Tasks at a glance | Remarks |
|---|---|
| (Optional.) Generating local key pairs | N/A |
| (Required.) Enabling the Stelnet server | Required for Stelnet servers. |
| (Required.) Enabling the SFTP server | Required for SFTP servers. |
| (Required.) Enabling the SCP server | Required for SCP servers. |
| (Required.) Configuring NETCONF over SSH | Required for NETCONF-over-SSH servers. |
| (Required.) Configuring user lines for SSH login | Required for Stelnet servers and NETCONF-over-SSH servers. |
| (Required.) Configuring a client's host public key | Required if the authentication method is publickey, password-publickey, or any. |
| Configuring the PKI domain for verifying the client certificate. See "Configuring PKI." | Required if the following conditions exist: • The authentication method is publickey. • The clients send the public keys to the server through digital certificates for validity check. The PKI domain must have the CA certificate to verify the client certificate. |
| (Required/optional.) Configuring an SSH user | Required if the authentication method is publickey, password-publickey, or any. Optional if the authentication method is password. |
| (Optional.) Configuring the SSH management parameters | N/A |
Generating local key pairs
The DSA, RSA, or ECDSA key pairs are required for generating the session keys and session ID in the key
exchange stage. They can also be used by a client to authenticate the server. When a client authenticates
the server, it compares the public key received from the server with the server's public key that the client
saved locally. If the keys are consistent, the client uses the locally saved server's public key to verify the
digital signature received from the server. If the verification succeeds, the server passes the
authentication.
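The comparison step described above, as an added example that is not part of the original guide: a client-side check in Python that compares the public key received from the server with the locally saved copy before any signature is checked. The key blobs, the address 192.0.2.10, and all function names are constructed for illustration; the signature verification that follows a match is left to the SSH client.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def parse_key_type(blob: bytes) -> str:
    """Return the algorithm name stored in the first field of a public key blob."""
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length field in key blob")
    return blob[4:4 + n].decode("ascii")


def fingerprint(blob: bytes) -> str:
    """SHA-256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host_key(saved: dict, host: str, received: bytes) -> str:
    """Compare the key the server presented with the client's saved copy.

    Returns "match", "mismatch" (reject the session) or "unknown" (no saved
    key: confirm the fingerprint out of band before saving it).
    """
    parse_key_type(received)  # reject malformed blobs before comparing
    pinned = saved.get(host)
    if pinned is None:
        return "unknown"
    # Constant-time comparison of the full blobs, not just the fingerprints.
    return "match" if hmac.compare_digest(pinned, received) else "mismatch"


# Constructed sample blobs (not real keys): type name, exponent, modulus.
DEVICE_KEY = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 256)
OTHER_KEY = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xd7" * 256)
SAVED = {"192.0.2.10": DEVICE_KEY}  # hypothetical device address

if __name__ == "__main__":
    print(fingerprint(DEVICE_KEY))
    for key in (DEVICE_KEY, OTHER_KEY):
        print(check_host_key(SAVED, "192.0.2.10", key))
```

A "mismatch" result after the device regenerates its key pairs is expected; the saved copy is replaced only after the new fingerprint has been confirmed on the device console.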
When you execute any SSH command on the device and thereby start the SSH application, the SSH server
automatically generates two RSA key pairs. You can also use the public-key local create command to
generate DSA, RSA, or ECDSA key pairs on the device.
Configuration guidelines
When you generate local key pairs, follow these restrictions and guidelines:
• SSH supports locally generated DSA, RSA, and ECDSA key pairs only with default names.