Password-publickey authentication—The server requires SSH2 clients to pass both password
•
authentication and publickey authentication. However, an SSH1 client only needs to pass either
authentication, regardless of the requirement of the server.
•
Any authentication—The server requires clients to pass either password authentication or publickey
authentication.
Configuring the device as an SSH server
You can configure the device as an Stelnet, SFTP, or SCP server. Because the configuration procedures
are similar, the SSH server represents the Stelnet, SFTP, or SCP server unless otherwise specified.
server configuration task list
Tasks at a glance
(Required.)
(Required.)
(Required.)
(Required.)
(Required.)
(Required/optional.)
(Optional.)
Generating local DSA or RSA key pairs
The DSA or RSA key pairs are required for generating the session key and session ID in the key exchange
stage, and can also be used by a client to authenticate the server. When a client tries to authenticate the
server, it compares the public key that it receives from the server with the server public key that it saved
locally. If the keys are consistent, the client uses the public key to authenticate the digital signature that
receives from the server. If the digital signatures are consistent, the authentication succeeds.
To support SSH clients that use different types of key pairs, generate both DSA and RSA key pairs on the
SSH server.
Configuration guidelines
Key pairs used in SSH are defaulted. For more information about the commands that are used to
•
generate keys, see Security Command Reference.
•
The public-key local create rsa command generates a server key pair and a host key pair for RSA.
SSH1 uses the public key in the server key pair of the SSH server to encrypt the session key before
transmitting the session key. Because SSH2 uses the DH algorithm to separately generate the
session key on the SSH server and the client, no session key transmission is required and thus the
server key pair is not used in SSH2.
Generating local DSA or RSA key pairs
Enabling the SSH server function
Enabling the SFTP server function
Configuring the user interfaces for SSH clients
Configuring a client's host public key
Configuring an SSH user
Setting the SSH management parameters
Remarks
N/A
Required for Stelnet, SFTP, and SCP servers.
Required for SFTP server.
N/A
Required for users that use publickey
authentication, whether together with password
authentication or not.
Required for users that use publickey
authentication, whether together with password
authentication or not.
Optional for users that use only password
authentication.
N/A
154
SSH