1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create local key pairs.
   Command: public-key local create { dsa | rsa | ecdsa } [ name key-name ]
   Remarks: By default, no local key pairs are created.

3. Enable SSH server.
   Command: ssh server enable
   Remarks: By default, SSH server is disabled.

4. (Optional.) Create an SSH user and specify the authentication mode.
   Command:
   • In non-FIPS mode:
     ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign publickey keyname }
   • In FIPS mode:
     ssh user username service-type stelnet authentication-type { password | password-publickey assign publickey keyname }
   Remarks: By default, no SSH user is configured on the device.

5. Enter VTY line view or class view.
   Command:
   • Enter VTY line view:
     line vty first-number [ last-number ]
   • Enter VTY line class view:
     line class vty
   Remarks:
   A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class.
   A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
   A setting in user line view takes effect immediately and affects the online user. A setting in user line class view does not affect online users and takes effect only for users who log in after the configuration is completed.

6. Enable scheme authentication.
   Command: authentication-mode scheme
   Remarks:
   In non-FIPS mode, password authentication is enabled for VTY lines by default.
   In FIPS mode, scheme authentication is enabled for VTY lines by default.
   In VTY line view, this command is associated with the protocol inbound command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.

7. (Optional.) Specify the protocols for the user lines to support.
   Command:
   • In non-FIPS mode:
     protocol inbound { all | ssh | telnet }
   • In FIPS mode:
     protocol inbound ssh
   Remarks:
   In non-FIPS mode, Telnet and SSH are supported by default.
   In FIPS mode, SSH is supported by default.
   This configuration takes effect only for users who log in to the user lines after the configuration is completed.
   In VTY line view, this command is associated with the authentication-mode command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses the default setting,