SSH server configuration task list, Generating local RSA key pairs, Enabling the SSH server function – H3C Technologies H3C SecBlade LB Cards User Manual

SSH server configuration task list

| Task | Remarks |
|---|---|
| Generating local RSA key pairs | Required. |
| Enabling the SSH server function | Required for Stelnet, SFTP and SCP servers. |
| Enabling the SFTP server function | Required only for SFTP server. |
| Configuring the user interfaces for SSH clients | Required. |
| Configuring a client's host public key | Required if publickey authentication is configured for users and the clients directly send the public keys to the server for validity check. |
| Configuring the PKI domain of the client certificate | See "Configuring PKI." Required if publickey authentication is configured for users and the clients send the public keys to the server through digital certificates for validity check. The PKI domain must have the CA certificate to verify the client certificate. |
| Configuring an SSH user | Required for publickey authentication users and optional for other authentication users. |
| Setting the SSH management parameters | Optional. |

Generating local RSA key pairs

RSA key pairs are required for generating the session key and session ID in the key exchange stage, and can also be used by a client to authenticate the server. When a client tries to communicate with a server, it compares the public key that it receives from the server with the server public key that it saved locally. If the keys are consistent, the client uses the public key to authenticate the digital signature that it receives from the server. If the digital signatures are consistent, the authentication succeeds.

The public-key local create rsa command generates a server RSA key pair and a host RSA key pair. Each of the key pairs consists of a public key and a private key. The public key in the server key pair of the SSH server is used in SSH1 to encrypt the session key for secure transmission of the key. As SSH2 uses the DH algorithm to generate the session key on the SSH server and client respectively, no session key transmission is required in SSH2 and the server key pair is not used.
To generate local RSA key pairs on the SSH server:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Generate RSA key pairs. | public-key local create rsa | By default, no RSA key pairs exist. |
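The client-side check described in this section (comparing the public key the server presents with the copy saved locally), as an added example that is not from the H3C manual. It assumes the SSH2 wire encoding of an RSA public key (RFC 4253) and uses constructed key values; the function names and the min_bits policy value are illustrative assumptions.

```python
import base64, hashlib, struct

def _read_string(buf, off):
    """Read one length-prefixed field (RFC 4251 string); return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack(">I", buf[off:off + 4])[0]
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def parse_rsa_host_key(blob):
    """Parse an 'ssh-rsa' public key blob (RFC 4253) into (e, n)."""
    alg, off = _read_string(blob, 0)
    if alg != b"ssh-rsa":
        raise ValueError("not an RSA host key")
    e, off = _read_string(blob, off)
    n, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after modulus")
    return int.from_bytes(e, "big"), int.from_bytes(n, "big")

def fingerprint(blob):
    """SHA-256 fingerprint of the key blob, base64 without padding."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def check_host_key(received, saved, min_bits=2048):
    """Client-side decision; min_bits is an assumed policy value, not from the manual."""
    _, n = parse_rsa_host_key(received)   # reject malformed blobs first
    if saved is None:
        return "unknown"    # nothing saved: confirm the fingerprint out of band
    if received != saved:
        return "mismatch"   # differs from the saved key: do not proceed
    if n.bit_length() < min_bits:
        return "weak"       # consistent, but below the assumed policy size
    return "match"

def _mpint(x):
    """Encode a positive integer as an SSH mpint (zero-padded when the top bit is set)."""
    body = x.to_bytes(x.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(body)) + body

def make_blob(e, n):
    """Build a key blob from constructed numbers for the demonstration."""
    return struct.pack(">I", 7) + b"ssh-rsa" + _mpint(e) + _mpint(n)

# Constructed sample values, not real device keys and not valid RSA moduli.
SAVED = make_blob(65537, (1 << 2047) | 1)
OTHER = make_blob(65537, (1 << 2047) | 3)
SHORT = make_blob(65537, (1 << 1023) | 1)
```

A "mismatch" result after the RSA key pairs have been regenerated on the server is expected; the saved copy on each client then has to be replaced with the new key, verified out of band.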

Enabling the SSH server function

The SSH server function on the device allows clients to communicate with the device through SSH.