Configuring the device as an Stelnet client
Stelnet client configuration task list
Tasks at a glance
(Required.)
(Optional.)
Specifying the source IP address for SSH packets
(Required.)
(Optional.)
Establishing a connection to an Stelnet server
based on Suite B
Generating local key pairs
Generate local key pairs on the Stelnet client when the Stelnet server uses the authentication
method publickey, password-publickey, or any.
Configuration restrictions and guidelines
When you generate local key pairs on an Stelnet client, follow these restrictions and guidelines:
•
The Stelnet client operating in FIPS mode supports only ECDSA and RSA key pairs.
•
Local DSA, ECDSA, and RSA key pairs for SSH use default names. You cannot assign names
to the key pairs.
•
The key modulus length must be less than 2048 bits when you generate a DSA key pair.
Configuration procedure
To generate local key pairs on the Stelnet client:
Step
1.
Enter system view.
2.
Generate local key pairs.
Specifying the source IP address for SSH packets
As a best practice, specify the IP address of the loopback interface as the source address of SSH
packets for the following purposes:
•
Ensuring the communication between the Stelnet client and the Stelnet server.
•
Improving the manageability of Stelnet clients in authentication service.
To specify the source IP address for SSH packets:
Step
1.
Enter system view.
Generating local key pairs
Establishing a connection to an Stelnet server
Command
system-view
Command
system-view
public-key local create { dsa |
ecdsa { secp256r1 | secp384r1 }
| rsa }
317
Remarks
Only required when the Stelnet server uses
the authentication method publickey,
password-publickey, or any.
N/A
N/A
N/A
Remarks
N/A
By default, no local key pairs exist
on an Stelnet client.
Remarks
N/A