353
To configure the user interfaces for SSH clients:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter VTY user interface
view.
user-interface
vty
number
[ ending-number ]
N/A
3. Set the login authentication
mode to scheme.
authentication-mode
scheme
By default, the authentication
mode is
password
.
4. Configure the user interfaces
to support SSH login.
protocol inbound
{
all
|
ssh
}
Optional.
By default, all protocols (Telnet,
PAD, and SSH) are supported.
For more information about the authentication-mode and protocol inbound commands, see HPE
FlexNetwork MSR Router Series Comware 5 Fundamentals Command Reference.
Configuring a client's host public key
This configuration task is only necessary if publickey authentication is configured for users and the
clients directly send the public key to the server for authentication.
During a publickey authentication for a client, the server first compares the SSH username and host
public key received from the client with those saved locally. If the information is consistent, it
examines the digital signature that the client sends. The digital signature is calculated by the client
according to the private key associated with the host public key.
You must configure the client's DSA or RSA host public key on the server, and specify the associated
host private key on the client to generate the digital signature, so that the client can pass publickey
authentication with correct digital signature. If the device serves as a client, the associated host
private key is specified by the specified public key algorithm.
You can manually configure the public key of an SSH client on the server, or import it from the public
key file:
• Manual configuration—Type or copy the client host public key on the client to the SSH server.
The host public key must be in the DER encoding format, which has not been converted.
Manually configured client host public keys must be in the specified format. If you use the
device to act as the client, you can use the display public-key local public command to view
the host public key and copy its contents to the server. A host public key obtained in other ways
might be in incorrect format and cannot be saved on the server. Hewlett Packard Enterprise
recommends that you configure a client public key by importing it from a public key file.
• Importing from the public key file—Upload the client's host public key file (in binary) to the
server (for example, through FTP or TFTP), and import the uploaded file to the server. During
the import process, the server automatically converts the public key in the public key file to a
string in PKCS format.
You can configure up to 20 SSH client public keys on an SSH server.
For more information about client public key configuration, see "Managing public keys."
Configuring a client public key manually
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter public key view.
public-key peer
keyname N/A
3. Enter public key code view.
public-key-code begin
N/A
To Next Page
Loading...
