Configuring The Device As An Stelnet Client; Stelnet Client Configuration Task List; Generating Local Key Pairs; Specifying The Source Ip Address For Ssh Packets - HPE FlexNetwork 7500 Series Security Configuration Manual

Configuring the device as an Stelnet client

Stelnet client configuration task list

Tasks at a glance
(Required.)
(Optional.)

Specifying the source IP address for SSH packets

(Required.)
(Optional.) Establishing a connection to an Stelnet server
based on Suite B

Generating local key pairs

Generate local key pairs on the Stelnet client when the Stelnet server uses the authentication
method publickey, password-publickey, or any.
Configuration restrictions and guidelines
When you generate local key pairs on an Stelnet client, follow these restrictions and guidelines:
•
The Stelnet client operating in FIPS mode supports only ECDSA and RSA key pairs.
•
Local DSA, ECDSA, and RSA key pairs for SSH use default names. You cannot assign names
to the key pairs.
•
The key modulus length must be less than 2048 bits when you generate a DSA key pair.
Configuration procedure
To generate local key pairs on the Stelnet client:
Step
1. Enter system view.
2. Generate local key pairs.
Specifying the source IP address for SSH packets
As a best practice, specify the IP address of the loopback interface as the source address of SSH
packets for the following purposes:
•
Ensuring the communication between the Stelnet client and the Stelnet server.
•
Improving the manageability of Stelnet clients in authentication service.
To specify the source IP address for SSH packets:
Step
1. Enter system view.
Generating local key pairs
Establishing a connection to an Stelnet server
Command
system-view
Command
system-view
public-key local create { dsa |
ecdsa { secp256r1 | secp384r1 }
| rsa }
317
Remarks
Only required when the Stelnet server uses
the authentication method publickey,
password-publickey, or any.
N/A
N/A
N/A
Remarks
N/A
By default, no local key pairs exist
on an Stelnet client.
Remarks
N/A