Configuring The Device As An Ssh Client; Specifying A Source Ip Address/Interface For The Ssh Client; Configuring Whether First-Time Authentication Is Supported - H3C S9500E Series Security Configuration Manual

Routing switches

Hide thumbs Also See for S9500E Series:

Configuration manual (459 pages)

Command reference manual (225 pages)

Installation manual (154 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

Table of Contents

To do...

Set the maximum number of

SSH authentication attempts

Authentication will fail if the number of authentication attempts (including both publickey and password

authentication) exceeds that specified in the ssh server authentication-retries command.

Configuring the device as an SSH client

Specifying a source IP address/interface for the SSH client

This configuration task allows you to specify a source IP address or interface for the client to

access the SSH server, improving service manageability.

To do...

Enter system view

Specify a

source IP

address or

interface

for the SSH

client

Configuring whether first-time authentication is supported

When the switch connects to the SSH server as an SSH client, you can configure whether the

switch supports first-time authentication.

•

With first-time authentication, when an SSH client not configured with the server host public

key accesses the server for the first time, the user can continue accessing the server, and save

the host public key on the client. When accessing the server again, the client will use the

saved server host public key to authenticate the server.

•

Without first-time authentication, a client not configured with the server host public key will

deny to access the server. To access the server, a user must configure in advance the server

host public key locally and specify the public key name for authentication.

Enable the device to support first-time authentication

Follow these steps to enable the switch to support first-time authentication:

To do...

Enter system view

Use the command...

ssh server authentication-

retries times

Use the command...

system-view

Specify a source

IPv4 address or

ssh client source { ip ip-address |

interface for the

interface interface-type interface-number }

SSH client

Specify a source

IPv6 address or

ssh client ipv6 source { ipv6 ipv6-address

interface for the

| interface interface-type interface-number }

SSH client

Use the command...

system-view

127

Remarks

Optional

3 by default

Remarks

—

Required

By default, the

address of the

interface decided by

the routing is used

to access the SSH

server

Remarks

—

Table of Contents

Configuring The Device As An Ssh Client; Specifying A Source Ip Address/Interface For The Ssh Client; Configuring Whether First-Time Authentication Is Supported - H3C S9500E Series Security Configuration Manual

Configuring the device as an SSH client

Specifying a source IP address/interface for the SSH client

Configuring whether first-time authentication is supported

Troubleshooting

Related Manuals for H3C S9500E Series

Related Content for H3C S9500E Series

Table of Contents