Configuration Guide Configuring SSH
After the SCP service is enabled, you can download files directly from the network device and
upload local files to the network device. In addition, all data exchanged is encrypted, providing
authentication and security.
14.3.1 SSH Server
After the SSH server function is enabled on a network device, you can set up a secure connection to the network device
through an SSH client. You can also shut down the SSH server function to disconnect all SSH clients.
Working Principle
For details about the working principle of the SSH server, see "SSH Communication" in "Basic Concepts." In practice,
after enabling the SSH server function, you can configure the following parameters according to the application
requirements:
Version: Configure the SSH version as SSHv1 or SSHv2 to connect SSH clients.
Authentication timeout: The SSH server starts the timer after receiving a user connection request. The SSH server is
disconnected from the client either when the authentication succeeds or when the authentication timeout is reached.
Maximum number of authentication retries: The SSH server starts authenticating the client after receiving its connection
request. If authentication does not succeed when the maximum number of user authentication retries is reached, a
message is sent, indicating the authentication failure.
Public key authentication: The public key algorithm can be RSA or DSA. It provides a secure connection between the
client and the server. The public key file on the client is associated with the user name. In addition, the public key
authentication mode is configured on the client, and the corresponding private key file is specified. In this way, when the
client attempts to log in to the server, public key authentication can be implemented to set up a secure connection.
Related Configuration
Enabling the SSH Server
By default, the SSH server is disabled.
In global configuration mode, run the [no] enable service ssh-server command to enable or disable the SSH server.
To generate the SSH key, you also need to enable the SSH server.
Specifying the SSH Version
By default, the SSH server supports both SSHv1 and SSHv2, connecting either SSHv1 clients or SSHv2 clients.
Run the ip ssh version command to configure the SSH version supported by the SSH server.
If only SSHv1 or SSHv2 is configured, only the SSH client of the configured version can be connected to the SSH server.
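The defaults described above (server disabled, both SSHv1 and SSHv2 accepted) can be checked offline against a saved configuration. The following Python audit is an added example, not part of the original guide or the vendor's tooling; the sample configurations are constructed, and the argument form ip ssh version 1 / ip ssh version 2 is an assumption, since this section names the command without its arguments.

```python
import re

# Constructed running-config excerpts (not captured from a real device).
SAMPLE_DEFAULT_VERSION = """\
hostname edge-sw1
enable service ssh-server
"""
SAMPLE_V2_ONLY = """\
hostname edge-sw2
enable service ssh-server
ip ssh version 2
"""
SAMPLE_DISABLED = """\
hostname edge-sw3
no enable service ssh-server
ip ssh version 1
"""


def audit_ssh_config(config_text):
    """Return (server_enabled, accepted_versions, findings) for one config."""
    enabled = False    # guide: the SSH server is disabled by default
    versions = {1, 2}  # guide: SSHv1 and SSHv2 are both accepted by default
    for raw in config_text.splitlines():
        line = " ".join(raw.split()).lower()  # normalise spacing and case
        if line == "enable service ssh-server":
            enabled = True
        elif line == "no enable service ssh-server":
            enabled = False
        else:
            # Assumed argument form: "ip ssh version 1" or "ip ssh version 2".
            match = re.fullmatch(r"ip ssh version ([12])", line)
            if match:
                versions = {int(match.group(1))}
    findings = []
    if not enabled:
        findings.append("SSH server is disabled")
    if 1 in versions:
        findings.append("SSHv1 clients are accepted; restrict the server to SSHv2")
    return enabled, versions, findings


if __name__ == "__main__":
    for name in ("SAMPLE_DEFAULT_VERSION", "SAMPLE_V2_ONLY", "SAMPLE_DISABLED"):
        print(name, audit_ssh_config(globals()[name]))
```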
Configuring the SSH Authentication Timeout
By default, the user authentication timeout is 120s.