SSH connection across VPNs
With this function, you can configure the switch as an SSH client to establish connections with SSH
servers in different MPLS VPNs.
As shown in
services of the two VPNs isolated. After a PE is enabled with the SSH client function, it can establish SSH
connections with CEs in different VPNs that are enabled with the SSH server function to implement secure
access to the CEs and secure transfer of log file.
Figure 101 Network diagram
Configuring the switch as an SSH server
SSH server configuration task list
Complete the following tasks to configure an SSH server:
Task
Generating a DSA or RSA key pair
Enabling the SSH server function
Configuring the user interfaces for SSH clients
Configuring a client public key
Configuring an SSH user
Setting the SSH management parameters
Generating a DSA or RSA key pair
In the key and algorithm negotiation stage, the DSA or RSA key pair is required to generate the session
key and session ID and for the client to authenticate the server.
Follow these steps to generate a DSA or RSA key pair on the SSH server:
To do...
Enter system view
Figure
101, the hosts in VPN 1 and VPN 2 access the MPLS backbone through PEs, with the
Remarks
Required
Required
Required
Required for publickey authentication users and
optional for password authentication users
Optional
Optional
Use the command...
system-view
275
Remarks
—