352
The public-key local create dsa command generates only the host key pair. SSH1 does not
support the DSA algorithm.
To support SSH clients that use different types of key pairs, generate both DSA and RSA key pairs on
the SSH server.
To generate local DSA or RSA key pairs on the SSH server:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Generate DSA or RSA key
pairs.
public-key local create
{
dsa
|
rsa
}
By default, neither DSA key pair
nor RSA key pairs exist.
The
dsa
keyword is not supported
in FIPS mode.
Enabling the SSH server function
The SSH server function on the device allows clients to communicate with the device through SSH.
When the device acts as an SCP server, only one SCP user is allowed to access to the SCP server
at one time.
To enable the SSH server function:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable the SSH server
function.
ssh server enable
Disabled by default.
Enabling the SFTP server function
This SFTP server function enables clients to log in to the SFTP server through SFTP.
When the device functions as the SFTP server, only one client can access the SFTP server at one
time.
To enable the SFTP server function:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable the SFTP server
function.
sftp server enable
Disabled by default.
Configuring the user interfaces for SSH clients
An SSH client accesses the device through a VTY user interface. You must configure the user
interfaces for SSH clients to allow SSH login. The configuration takes effect only on the clients at
next login.
IMPORTANT:
Before you configure a user interface to support SSH, you must configure its authentication mode to
scheme. Otherwise, the protocol inbound command fails.
To Next Page
Loading...
Need help?
General
