Configuration Guide Configuring SSH
Run the ip ssh time-out command to configure the user authentication timeout of the SSH server. Use the no form of the
command to restore the default timeout. The SSH server starts the timer after receiving a user connection request. If
authentication does not succeed before the timeout is reached, authentication times out and fails.
Configuring the Maximum Number of SSH Authentication Retries
By default, the maximum number of user authentication retries is 3.
Run the ip ssh authentication-retries command to configure the maximum number of user authentication retries on the
SSH server. Use the no form of the command to restore the default number of user authentication retries. If authentication
still does not succeed when the maximum number of user authentication retries is reached, user authentication fails.
Specifying the SSH Encryption Mode
By default, the encryption mode supported by the SSH server is Compatible, that is, supporting cipher block chaining (CBC),
counter (CTR) and other encryption modes.
Run the ip ssh cipher-mode command to configure the encryption mode supported by the SSH server. Use the no form of
the command to restore the default encryption mode supported by the SSH server.
Specifying the SSH Message Authentication Algorithm
By default, the message authentication algorithms supported by the SSH server are as follows: (1) For the SSHv1, no
algorithm is supported; (2) For the SSHv2, four algorithms, including MD5,SHA1,SHA1-96, and MD5-96, are supported.
Run the ip ssh hmac-algorithm command to configure the message authentication algorithm supported by the SSH server.
Use the no form of the command to restore the default message authentication algorithm supported by the SSH server.
Enabling the Public Key Authentication on the SSH Server
Run the ip ssh peer command to associate the public key file on the client with the user name. When the client is
authenticated upon login, a public key file is specified based on the user name.
14.3.2 SCP Service
The SSH server provides the SCP service to implement secure file transfer between the server and the client.
Working Principle
SCP is a protocol that supports online file transfer. It runs on Port 22 based on the BSC RCP protocol, whereas RCP
provides the encryption and authentication functions based on the SSH protocol. RCP implements file transfer, and
SSH implements authentication and encryption.
Assume that the SCP service is enabled on the server. When you use an SCP client to upload or download files, the
SCP client first analyzes the command parameters, sets up a connection with a remote server, and starts another SCP
process based on this connection. This process may run in source or sink mode. (The process running in source mode
is the data provider. The process running in sink mode is the destination of data.) The process running in source mode
reads and sends files to the peer end through the SSH connection. The process running in sink mode receives files
through the SSH connection.
To Next Page
Loading...
Need help?
General
