Configuring The Device As An Ssh Server; Enabling Ssh Server; Configuring The User Interfaces For Ssh Clients - H3C S9500E Series Security Configuration Manual

If the command text exceeds 2000 bytes, you can execute the commands by saving the text as a
•
configuration file, uploading the configuration file to the server through SFTP, and then using the
configuration file to restart the server.

Configuring the device as an SSH server

To ensure that all SSH clients can log into the SSH server successfully, you are recommended to generate
both DSA and RSA key pairs on the SSH server. This is because different SSH clients may use different
publickey algorithms, though a single client usually uses only one type of publickey algorithm.

Enabling SSH server

Follow these steps to enable SSH server:
To do...
1. Enter system view
2. Enable the SSH server function

Configuring the user interfaces for SSH clients

An SSH client accesses the switch through a VTY user interface. Therefore, you need to configure
the user interfaces for SSH clients to allow SSH login. Note that the configuration takes effect only
for clients logging in after the configuration.
Follow these steps to configure the protocols for the current user interface to support:
To do...
1. Enter system view
2. Enter user interface view of one
or more user interfaces
3. Set the login authentication
mode to scheme
4. Configure the user interface(s)
to support SSH login
For more information about the authentication-mode and protocol inbound commands, see
•
Logging In to the Switch in the Fundamentals Configuration Guide.
Use the command...
system-view
ssh server enable
Use the command...
system-view
user-interface vty number [
ending-number ]
authentication-mode scheme
[ command-authorization ]
protocol inbound { all | ssh }
123
Remarks
—
Required
Disabled by default
Remarks
—
—
Required
By default, the authentication mode
is password.
Optional
By default, the system supports
both protocols, that is, Telnet and
SSH.