beautypg.com

H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 12

background image

vi

SSH server configuration task list ······················································································································ 291

 

Generating ECDSA or RSA key pairs ··············································································································· 291

 

Enabling the SSH server function ······················································································································· 292

 

Configuring the user interfaces for SSH clients ································································································ 292

 

Configuring a client public key ·························································································································· 292

 

Configuring an SSH user ···································································································································· 293

 

Setting the SSH management parameters ········································································································ 294

 

Configuring the access controller as an SSH client ·································································································· 295

 

SSH client configuration task list ························································································································ 295

 

Specifying a source ip address/interface for the SSH client ·········································································· 295

 

Configuring whether first-time authentication is supported ············································································· 296

 

Establishing a connection between the SSH client and server ······································································· 297

 

Displaying and maintaining SSH ······························································································································· 297

 

SSH server configuration examples ··························································································································· 298

 

When the AC acts as an SSH server for password authentication ······························································· 298

 

When the AC acts as an SSH server for publickey authentication ································································ 299

 

SSH client configuration examples ····························································································································· 304

 

When the AC acts as an SSH client for password authentication ································································· 304

 

When the AC acts as an SSH client for publickey authentication ································································· 306

 

Configuring SFTP ····················································································································································· 309

 

SFTP overview ······························································································································································· 309

 

Configuring the access controller as an SFTP server ································································································ 309

 

Enabling the SFTP server ···································································································································· 309

 

Configuring the SFTP connection idle timeout period ····················································································· 309

 

Configuring the access controller an SFTP client ······································································································ 310

 

Specifying a source IP address or interface for the SFTP client ······································································ 310

 

Establishing a connection to the SFTP server ···································································································· 310

 

Working with SFTP directories ··························································································································· 311

 

Working with SFTP files ······································································································································ 312

 

Displaying help information ······························································································································· 312

 

Terminating the connection to the remote SFTP server ···················································································· 313

 

SFTP configuration example ········································································································································ 313

 

Configuring SSL ······················································································································································· 317

 

Overview ······································································································································································· 317

 

SSL security mechanism ······································································································································ 317

 

SSL protocol stack ··············································································································································· 318

 

SSL configuration task list ············································································································································ 318

 

Configuring an SSL server policy ······························································································································· 318

 

Configuration prerequisites ································································································································ 319

 

Configuration procedure ···································································································································· 319

 

SSL server policy configuration example ·········································································································· 320

 

Configuring an SSL client policy ································································································································ 321

 

Configuration prerequisites ································································································································ 321

 

Configuration procedure ···································································································································· 321

 

Displaying and maintaining SSL ································································································································· 322

 

Troubleshooting SSL ····················································································································································· 322

 

SSL handshake failure ········································································································································· 322

 

Configuring TCP attack protection ························································································································· 324

 

Overview ······································································································································································· 324

 

Enabling the SYN Cookie feature ······························································································································ 324

 

Displaying and maintaining TCP attack protection ·································································································· 325