Ssh connection across vpns, Configuring the device as an ssh server, Ssh server configuration task list – H3C Technologies H3C SecPath F1000-E User Manual
Page 60

4
NOTE:
•
In the interaction stage, you can execute commands from the client by pasting the commands in text
format (the text must be within 2000 bytes). It is recommended that the commands are in the same view;
otherwise, the server may not be able to perform the commands correctly.
•
If the command text exceeds 2000 bytes, you can execute the commands by saving the text as a
configuration file, uploading the configuration file to the server through Secure FTP (SFTP), and then
using the configuration file to restart the server.
SSH Connection Across VPNs
With this function, you can configure the device as an SSH client to establish connections with SSH
servers in different MPLS VPNs.
As shown in
, the hosts in VPN 1 and VPN 2 access the MPLS backbone through PEs, with the
services of the two VPNs isolated. After a PE is enabled with the SSH client function, it can establish SSH
connections with CEs in different VPNs that are enabled with the SSH server function to implement secure
access to the CEs and secure transfer of log file.
Figure 1 Network diagram for SSH/SFTP connection across VPNs
Configuring the Device as an SSH Server
SSH Server Configuration Task List
Complete the following tasks to configure an SSH server:
Task Remarks
Generating a DSA or RSA Key Pair
Required
Enabling the SSH Server Function
Required
Configuring the User Interfaces for SSH Clients
Required
Configuring a Client Public Key
Required for publickey authentication users and
optional for password authentication users
Optional
Setting the SSH Management Parameters
Optional