351
Hardware FIPS mode compatibility
MSR1000 Yes
Configuring the device as an SSH server
You can configure the device as an Stelnet, SFTP, or SCP server. Because the configuration
procedures are similar, the SSH server represents the Stelnet server, SFTP server, and SCP server
unless otherwise specified.
SSH server configuration task list
Task Remarks
Generating local DSA or RSA key pairs
Required.
Enabling the SSH server function
Required for Stelnet, SFTP and SCP servers.
Enabling the SFTP server function
Required only for SFTP server.
Configuring the user interfaces for SSH clients
Required.
Configuring a client's host public key
Required if both of the following conditions exist:
• Publickey authentication is configured for
users.
• The clients directly send the public keys to the
server for validity check.
Configuring the PKI domain of the client certificate
See "Configuring PKI."
Required if both of the following conditions exist:
• Publickey authentication is configured for
users.
• The clients send the public keys to the server
through digital certificates for validity check.
The PKI domain must have the CA certificate to
verify the client certificate.
Configuring an SSH user
Required for publickey authentication users and
optional for other authentication users.
Setting the SSH management parameters
Optional.
Generating local DSA or RSA key pairs
DSA or RSA key pairs are required for generating the session key and session ID in the key
exchange stage, and can also be used by a client to authenticate the server. When a client tries to
communicate with a server, it compares the public key that it receives from the server with the server
public key that it saved locally. If the keys are consistent, the client uses the public key to
authenticate the digital signature that receives from the server. If the digital signatures are consistent,
the authentication succeeds. If the digital signatures are consistent, the authentication succeeds.
The public-key local create rsa command generates a server RSA key pair and a host RSA key
pair. Each of the key pairs consists of a public key and a private key. The public key in the server key
pair of the SSH server is used in SSH1 to encrypt the session key for secure transmission of the key.
As SSH2 uses the DH algorithm to generate the session key on the SSH server and client
respectively, no session key transmission is required in SSH2 and the server key pair is not used.
To Next Page
Loading...
Need help?
General
