Configuring the user lines for stelnet clients, Configuring a client's host public key – H3C Technologies H3C S12500-X Series Switches User Manual

173

267B

Configuring the user lines for Stelnet clients

Dependent on different SSH applications, an SSH client can be an Stelnet, SFTP, or SCP client.
The Stelnet client accesses the device through a VTY user line. You must configure the user lines for SSH

clients to allow SSH login. The configuration takes effect only on the clients at next login.
The SFTP or SCP client accesses the device without using a VTY user line.
To configure the user lines for Stelnet clients:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter VTY user line view.

line vty number [ ending-number ] N/A

3.

Set the login authentication
mode to scheme.

authentication-mode scheme

By default, the authentication
mode is password.
For more information about this
command, see Fundamentals

Command Reference.

268B

Configuring a client's host public key

If the server uses publickey authentication to authentication a client, it compares the SSH username and

host public key that it receives from the client with those locally saved. If the information is consistent, it

checks the digital signature that the client sends. The digital signature is calculated by the client
according to the private key that corresponds to the host public key.
For SSH servers that use publickey authentication, password-publickey authentication, or any

authentication, you must configure the client's DSA or RSA host public key on the server, and specify the

corresponding host private key on the client to generate the digital signature, so that the client can pass

publickey authentication with correct digital signature. If the device serves as a client, corresponding host
private key is specified by the specified public key algorithm.
You can manually configure the host public key of an SSH client on the server, or import it from the public

key file:

•

Manually configuring the host public key—You can type or copy the client's host public key from
the client to the SSH server. The host public key must be in the DER encoding format without being
converted.
If you use the device to act as the client, you can use the display public-key local public command
to display the host public key and copy its contents to the server. A host public key obtained in

other ways might be in incorrect format and cannot be saved on the server. H3C recommends that

you import a client's host public key from the public key file of the client.

•

Importing the host public key—You can upload the client's public key file (in binary) to the server,
for example, through FTP or TFTP, and import the host public key from the public key file. During the
import process, the server automatically converts the host public key in the public key file to a string

in PKCS format.

H3C recommends that you configure no more than 20 SSH client host public keys on an SSH server.
To manually configure a client's host public key: