beautypg.com

Configuring the user interfaces for ssh clients, Configuration guidelines, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Page 166: Configuring a client's host public key

background image

155

Step Command

Remarks

2.

Enable the SSH server
function.

ssh server enable

Disabled by default

Configuring the user interfaces for SSH clients

An SSH client accesses the device through a VTY user interface. Therefore, you need to configure the user

interfaces for SSH clients to allow SSH login. The configuration takes effect only for clients that log in after

the configuration.

Configuration guidelines

If you configure a user interface to support SSH, be sure to configure the corresponding authentication

mode with the authentication-mode scheme command.
For a user interface configured to support SSH, you cannot change the authentication mode. To change

the authentication mode, undo the SSH support configuration first.

Configuration procedure

To configure the protocols for a user interface to support:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter user interface view of
one or more user interfaces.

user-interface vty number
[ ending-number ]

N/A

3.

Set the login authentication
mode to scheme.

authentication-mode scheme

By default, the authentication
mode is password.

4.

Configure the user interface(s)
to support SSH login.

protocol inbound { all | ssh }

Optional.
All protocols are supported by
default.

For more information about authentication-mode and protocol inbound, see Getting Started Command

Reference.

Configuring a client's host public key

This configuration task is only necessary for SSH users using publickey authentication.
For each SSH user that uses publickey authentication to log in, you must configure the client's DSA or RSA

host public key on the server, and configure the client to use the corresponding host private key.
To configure the public key of an SSH client, you can configure it manually or import it from the public key
file:

Configure it manually. You can type or copy the public key to the SSH server. The public key must
have not been converted and be in the Distinguished Encoding Rules (DER) encoding format.

Import it from the public key file. During the import process, the system will automatically convert the
public key to a string coded by using the Public Key Cryptography Standards (PKCS). Before

importing the public key, you must upload the public key file (in binary) to the server through FTP or

TFTP.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: