Establishing A Connection To An Stelnet Server - HPE FlexNetwork 7500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 7500 Series:
- Security configuration manual (506 pages) ,
- Command reference manual (474 pages) ,
- Network management and monitoring command reference (430 pages)
Table of Contents
Advertisement
Step
2.
Specify the source
address for SSH packets.
Establishing a connection to an Stelnet server
When you try to access an Stelnet server, the device must use the server's host public key to
authenticate the server. If the server's host public key is not configured on the device, the device will
notify you to confirm whether to continue with the access.
•
If you choose to continue, the device accesses the server and downloads the server's host
public key.
•
If you choose to not continue, the connection cannot be established.
As a best practice, configure the server's host public key on the device in an insecure network.
The client cannot establish connections to both IPv4 and IPv6 Stelnet servers.
To establish a connection to an IPv4 Stelnet server:
Task
Establish a
connection to an IPv4
Stelnet server.
Command
•
Specify the source IPv4 address for
SSH packets:
ssh client source { interface
interface-type interface-number | ip
ip-address }
•
Specify the source IPv6 address for
SSH packets:
ssh client ipv6 source { interface
interface-type interface-number |
ipv6 ipv6-address }
Command
•
In non-FIPS mode:
ssh2 server [ port-number ] [ vpn-instance
vpn-instance-name ] [ identity-key { dsa |
ecdsa-sha2-nistp256 | ecdsa-sha2-nistp384 |
rsa | { x509v3-ecdsa-sha2-nistp384 |
x509v3-ecdsa-sha2-nistp256 } pki-domain
domain-name } | prefer-compress zlib |
prefer-ctos-cipher { 3des-cbc | aes128-cbc |
aes128-ctr | aes128-gcm | aes192-ctr |
aes256-cbc | aes256-ctr | aes256-gcm |
des-cbc } | prefer-ctos-hmac { md5 | md5-96 |
sha1 | sha1-96 | sha2-256 | sha2-512 } |
prefer-kex { dh-group-exchange-sha1 |
dh-group1-sha1 | dh-group14-sha1 |
ecdh-sha2-nistp256 | ecdh-sha2-nistp384 } |
prefer-stoc-cipher { 3des-cbc | aes128-cbc |
aes128-ctr | aes128-gcm | aes192-ctr |
aes256-cbc | aes256-ctr | aes256-gcm |
des-cbc } | prefer-stoc-hmac { md5 | md5-96 |
sha1 | sha1-96 | sha2-256 | sha2-512 } ] *
[ dscp dscp-value | escape character |
{ public-key keyname | server-pki-domain
domain-name } | source { interface
interface-type interface-number | ip
ip-address } ] *
•
In FIPS mode:
ssh2 server [ port-number ] [ vpn-instance
vpn-instance-name ] [ identity-key
{ ecdsa-sha2-nistp256 | ecdsa-sha2-nistp384
318
Remarks
By default, the source IP
address for SSH packets is not
configured. For IPv4 SSH
packets, the device uses the
primary IPv4 address of the
output interface specified in
the routing entry as the source
address of the packets. For
IPv6 SSH packets, the device
automatically selects an IPv6
address as the source address
of the packets in compliance
with RFC 3484.
Remarks
Available in user view.
Advertisement
Table of Contents
Troubleshooting
