Configuring the user lines for stelnet clients, Configuring a client's host public key – H3C Technologies H3C S12500-X Series Switches User Manual
Configuring the user lines for Stelnet clients
Depending on the SSH application, an SSH client can be an Stelnet, SFTP, or SCP client.
The Stelnet client accesses the device through a VTY user line. You must configure the user lines for SSH
clients to allow SSH login. The configuration takes effect for a client only at its next login.
The SFTP or SCP client accesses the device without using a VTY user line.
To configure the user lines for Stelnet clients:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter VTY user line view. | line vty number [ ending-number ] | N/A |
| 3. Set the login authentication mode to scheme. | authentication-mode scheme | By default, the authentication mode is password. For more information about this command, see Fundamentals Command Reference. |
Configuring a client's host public key
If the server uses publickey authentication to authenticate a client, it compares the SSH username and
host public key that it receives from the client with those saved locally. If the information is consistent, it
checks the digital signature that the client sends. The client calculates the digital signature with the
private key that corresponds to the host public key.
For SSH servers that use publickey authentication, password-publickey authentication, or any
authentication, you must configure the client's DSA or RSA host public key on the server, and specify the
corresponding host private key on the client to generate the digital signature, so that the client can pass
publickey authentication with a correct digital signature. If the device acts as the client, the corresponding
host private key is determined by the specified public key algorithm.
You can manually configure the host public key of an SSH client on the server, or import it from the public
key file:
• Manually configuring the host public key—You can type or copy the client's host public key from
the client to the SSH server. The host public key must be in the DER encoding format without being
converted.
If you use the device as the client, you can use the display public-key local public command
to display the host public key and copy its contents to the server. A host public key obtained in
other ways might be in an incorrect format and cannot be saved on the server. H3C recommends that
you import a client's host public key from the public key file of the client.
• Importing the host public key—You can upload the client's public key file (in binary) to the server,
for example, through FTP or TFTP, and import the host public key from the public key file. During the
import process, the server automatically converts the host public key in the public key file to a string
in PKCS format.
H3C recommends that you configure no more than 20 SSH client host public keys on an SSH server.
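An added example, not from the H3C manual: a pre-check that can be run on a hex-encoded client key before it is typed into the server, since a manually entered key must be DER-encoded and a wrongly formatted key cannot be saved. It assumes an RSA key in X.509 SubjectPublicKeyInfo form (DSA is not handled); the function names, the constructed sample key, and the SHA-256 digest used to compare the client's and server's copies are this example's own, not device output.

```python
import hashlib

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER element; reject non-DER lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length (BER, not DER)")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def check_rsa_public_key(hex_text):
    """Validate pasted hex as a DER RSA public key; return (bits, exponent, sha256)."""
    der = bytes.fromhex("".join(hex_text.split()))   # tolerate wrapped lines
    tag, spki, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag, alg, pos = read_tlv(spki, 0)
    oid_tag, oid, _ = read_tlv(alg, 0)
    if (tag, oid_tag, oid) != (0x30, 0x06, RSA_OID):
        raise ValueError("not an RSA key")
    tag, bits, _ = read_tlv(spki, pos)
    if tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("bad BIT STRING")
    tag, rsa, _ = read_tlv(bits[1:], 0)
    tag_n, n, pos = read_tlv(rsa, 0)
    tag_e, e, _ = read_tlv(rsa, pos)
    if (tag, tag_n, tag_e) != (0x30, 0x02, 0x02):
        raise ValueError("bad RSAPublicKey structure")
    bit_len = int.from_bytes(n, "big").bit_length()
    return bit_len, int.from_bytes(e, "big"), hashlib.sha256(der).hexdigest()

# Constructed sample: structurally valid 1024-bit key with a filler modulus (not a real key).
SAMPLE = ("30819f300d06092a864886f70d010101050003818d0030818902818100"
          + "c1" + "ab" * 126 + "01" + "0203010001")

if __name__ == "__main__":
    print(check_rsa_public_key(SAMPLE))
```

Running the same check on the text copied from the client and on the text entered on the server, and comparing the two digests, confirms that the server holds exactly the key the client will sign with.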
To manually configure a client's host public key: