331
Feature and software version compatibility
The following algorithms are available in Release 1121 and later:
• Public key algorithm ECDSA.
• Suite B algorithms.
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see "Configuring FIPS."
Configuring the device as an SSH server
You can configure the device as an Stelnet server, SFTP server, or SCP server. Because the
configuration procedures are similar, the SSH server collectively refers to the Stelnet server, the
SFTP server, and the SCP server unless otherwise specified.
SSH server configuration task list
(Optional.) Generating local key pairs
N/A
(Required.) Enabling the Stelnet server Required for Stelnet servers.
(Required.) Enabling the SFTP server Required for SFTP servers.
(Required.) Enabling the SCP server Required for SCP servers.
(Required.) Configuring NETCONF over SSH Required for NETCONF-over-SSH servers.
(Required.) Configuring user lines for SSH login
Required for Stelnet servers and
NETCONF-over-SSH servers.
(Required.) Configuring a client's host public key
Required if the authentication
publickey
,
password-publickey,
or
any
.
Configuring the PKI domain for verifying
certificate
See "Configuring PKI."
Required if the following conditions exist:
• The authentication method is publickey.
• The clients send the public key
server through digital certificates for validity
check.
The PKI domain must have the CA certificate to
verify the client certificate.
(Required/optional.) Configuring an SSH user
Required if the authentication
publickey
,
password-publickey
, or
any
.
Optional if the authentication
password
.
(Optional.) Configuring
parameters
N/A
(Optional.) Specifying a PKI domain for the SSH server N/A
To Next Page
Loading...
Need help?
General