beautypg.com

H3C Technologies H3C S3600 Series Switches User Manual

Page 913

background image

1-23

Specifying a source IP address/interface for the SSH client

You can configure a souce IP address or the souce IP address by specifying the corresponding

interface for the client to use to access the SSH server. This improves the service manageability when

the SSH client has multiple IP addresses and interfaces

Follow these steps to specify a source IP address/interface for the SSH client:

To do...

Use the command...

Remarks

Enter system view

system-view

Specify a source IP address for
the SSH client

ssh2 source-ip ip-address

Optional

By default, no source IP
address is configured.

Specify a source interface for
the SSH client

ssh2 source-interface
interface-type interface-number

Optional

By default, no source interface
is configured.

Establishing the connection between the SSH client and server

The client’s method of establishing an SSH connection to the SSH server varies with authentication

types.

Follow these steps to establish an SSH connection:

To do...

Use the command...

Remarks

Enter system view

system-view

Start the client to establish a
connection with an SSH server

ssh2 { host-ip | host-name }
[ port-num ] [ identity-key { dsa
| rsa } | prefer_kex
{ dh_group1 |
dh_exchange_group } |
prefer_ctos_cipher { 3des |
des | aes128 } |
prefer_stoc_cipher { 3des |
des | aes128 } |
prefer_ctos_hmac { sha1 |
sha1_96 | md5 | md5_96 } |
prefer_stoc_hmac { sha1 |
sha1_96 | md5 | md5_96 } ] *

Required

In this command, you can also
specify the preferred key
exchange algorithm, encryption
algorithms and HMAC
algorithms between the server
and client.

HMAC: Hash-based message
authentication code

Note that:

The identity-key keyword is
unnecessary in password
authentication and optional in
public key authentication.

When logging into the SSH server using public key authentication, an SSH client needs to read its local

private key for authentication. As two algorithms (RSA or DSA) are available, the identity-key keyword

must be used to specify one algorithm in order to get the correct private key.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: