
Configuration procedure, Enabling the ssh server, Enabling the sftp server – H3C Technologies H3C S6300 Series Switches User Manual


The public-key local create rsa command generates a server key pair and a host key pair for RSA. SSH1 uses the public key in the server key pair of the SSH server to encrypt the session key before transmitting the session key. Because SSH2 uses the DH algorithm to separately generate the session key on the SSH server and the client, no session key transmission is required and thus the server key pair is not used in SSH2.

The public-key local create dsa command generates only a host key pair. SSH1 does not support the DSA algorithm.

The key modulus length must be less than 2048 bits when you use the public-key local create dsa command to generate the DSA key pair on the SSH server.

The public-key local create ecdsa command generates only a host key pair.

In Release 2311P04 and later versions, the SSH application starts when you execute an SSH configuration command. The device automatically generates RSA key pairs if no local key pairs have been created by using the public-key local create command.

Configuration procedure

To generate local key pairs on the SSH server:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Generate local key pairs.
    Command:
        In Release 2310:
            public-key local create { dsa | rsa }
        In Release 2311P04 and later versions:
            In non-FIPS mode:
                public-key local create { dsa | ecdsa { secp192r1 | secp256r1 } | rsa }
            In FIPS mode:
                public-key local create { dsa | ecdsa secp256r1 | rsa }
    Remarks: By default, no local key pairs exist.

Enabling the SSH server

After you enable the SSH server on the device, clients can log in to the device through Stelnet or SCP. The device that acts as an SSH server does not support SCP connections initiated by SSH1 clients.

To enable the SSH server:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enable the SSH server.
    Command: ssh server enable
    Remarks: By default, the SSH server is disabled.
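
The syntax rules in the two procedures above can be checked before a command script is pushed to a switch. The following Python linter is an added example, not part of the H3C manual; the lint function, its parameters and the sample script are hypothetical, and it knows only the command forms shown on this page.

```python
# Curves the page lists for "public-key local create ecdsa", keyed by FIPS mode.
ECDSA_CURVES = {False: {"secp192r1", "secp256r1"}, True: {"secp256r1"}}

# Constructed sample script, not taken from a real device.
SAMPLE = """system-view
public-key local create ecdsa secp192r1
ssh server enable
"""


def lint(script, later_release, fips=False):
    """Return (line_number, message) findings for a planned command script.

    later_release: True for Release 2311P04 and later, False for Release 2310.
    """
    findings, created = [], False
    for n, raw in enumerate(script.splitlines(), 1):
        toks = raw.split()
        if toks[:3] == ["public-key", "local", "create"]:
            args = toks[3:]
            if args in (["dsa"], ["rsa"]):
                created = True
            elif args[:1] != ["ecdsa"]:
                findings.append((n, "expected dsa, rsa or ecdsa <curve>"))
            elif not later_release:
                findings.append((n, "ecdsa is not offered in Release 2310"))
            elif len(args) != 2 or args[1] not in ECDSA_CURVES[fips]:
                mode = "FIPS" if fips else "non-FIPS"
                findings.append((n, f"ecdsa needs one curve accepted in {mode} mode"))
            else:
                created = True
        elif toks == ["ssh", "server", "enable"] and not created:
            if later_release:
                # Page: the device generates RSA key pairs itself in this case.
                findings.append((n, "no key pair created; RSA key pairs will be auto-generated"))
            else:
                findings.append((n, "script creates no key pair before enabling SSH"))
    return findings


if __name__ == "__main__":
    for fips in (False, True):
        print("FIPS" if fips else "non-FIPS", lint(SAMPLE, later_release=True, fips=fips))
```

The same script passes in non-FIPS mode on Release 2311P04 and later but produces two findings in FIPS mode, because the rejected secp192r1 curve leaves no key pair for the later ssh server enable line.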

Enabling the SFTP server

After you enable the SFTP server on the device, a client can log in to the device through SFTP.