Table of Contents
Advertisement
public-key keyname: Specifies the server by its host public key that the client uses to authenticate
the server. The keyname argument is a case-insensitive string of 1 to 64 characters.
server-pki-domain domain-name: Specifies the PKI domain for verifying the server's certificate.
The domain-name argument represents the PKI domain name, a case-insensitive string of 1 to 31
characters. Invalid characters are tildes (~), asterisks (*), backslashes (\), vertical bars (|), colons (:),
dots (.), angle brackets (< >), quotation marks ("), and apostrophes (').
source: Specifies a source IPv6 address or source interface for IPv6 SSH packets. By default, the
device automatically selects a source address for IPv6 SSH packets in compliance with RFC 3484.
As a best practice to ensure successful Stelnet connections, specify a loopback interface as the
source interface or specify that interface's IPv6 address as the source IPv6 address.
•
interface interface-type interface-number: Specifies a source interface by its type and number.
The IPv6 address of this interface is the source IPv6 address of the IPv6 SSH packets.
•
ipv6 ipv6-address: Specifies a source IPv6 address.
Usage guidelines
The combination of an escape character and a dot (.) works as an escape sequence. This escape
sequence is typically used to quickly terminate an SSH connection when the server reboots or
malfunctions.
For the escape sequence to take effect, you must enter it at the very beginning of a line. If you have
entered other characters or performed operations in a line, enter the escape sequence in the next
line.
As a best practice, use the default escape character (~). Do not use any characters in SSH
usernames as the escape character.
If the client and the server have negotiated to use certificate authentication, the client must verify the
server's certificate. For the client to correctly get the server's certificate, you must specify the server's
PKI domain on the client by using the server-pki-domain domain-name option. The client uses the
CA certificate stored in the specified PKI domain to verify the server's certificate and does not need
to save the server's public key before authentication. If you do not specify the server's PKI domain,
the client uses the PKI domain of its own certificate to verify the server's certificate.
Examples
# Establish a connection to Stelnet server 2000::1 and specify the public key of the server as svkey.
The SSH client uses publickey authentication. Specify the dollar sign ($) as the escape character.
Use the following algorithms:
•
Preferred key exchange algorithm: dh-group14-sha1.
•
Preferred server-to-client encryption algorithm: aes128-cbc.
•
Preferred client-to-server HMAC algorithm: sha1.
•
Preferred server-to-client HMAC algorithm: sha1-96.
•
Preferred compression algorithm: zlib.
<Sysname> ssh2 ipv6 2000::1 prefer-kex dh-group14-sha1 prefer-stoc-cipher aes128-cbc
prefer-ctos-hmac sha1 prefer-stoc-hmac sha1-96 prefer-compress zlib public-key svkey
escape $
ssh2 ipv6 suite-b
Use ssh2 ipv6 suite-b to establish a connection to an IPv6 Stelnet server based on Suite B
algorithms.
Syntax
ssh2 ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ -i interface-type
interface-number ] suite-b [ 128-bit | 192-bit ] pki-domain domain-name [ server-pki-domain
495
Advertisement
Table of Contents
