beautypg.com

Ssh connection across vpns, Configuring the device as an ssh server, Ssh server configuration task list – H3C Technologies H3C SecPath F1000-E User Manual

Page 60

background image

4

NOTE:

In the interaction stage, you can execute commands from the client by pasting the commands in text
format (the text must be within 2000 bytes). It is recommended that the commands are in the same view;

otherwise, the server may not be able to perform the commands correctly.

If the command text exceeds 2000 bytes, you can execute the commands by saving the text as a
configuration file, uploading the configuration file to the server through Secure FTP (SFTP), and then

using the configuration file to restart the server.

SSH Connection Across VPNs

With this function, you can configure the device as an SSH client to establish connections with SSH

servers in different MPLS VPNs.
As shown in

Figure 1

, the hosts in VPN 1 and VPN 2 access the MPLS backbone through PEs, with the

services of the two VPNs isolated. After a PE is enabled with the SSH client function, it can establish SSH

connections with CEs in different VPNs that are enabled with the SSH server function to implement secure

access to the CEs and secure transfer of log file.

Figure 1 Network diagram for SSH/SFTP connection across VPNs

Configuring the Device as an SSH Server

SSH Server Configuration Task List

Complete the following tasks to configure an SSH server:

Task Remarks

Generating a DSA or RSA Key Pair

Required

Enabling the SSH Server Function

Required

Configuring the User Interfaces for SSH Clients

Required

Configuring a Client Public Key

Required for publickey authentication users and
optional for password authentication users

Configuring an SSH User

Optional

Setting the SSH Management Parameters

Optional