NOTE:
In the interaction stage, you can execute commands from the client by pasting the commands in text
•
format—the text must be within 2000 bytes. The commands should be in the same view. Otherwise, the
server might not be able to perform the commands correctly.
If the command text exceeds 2000 bytes, you can execute the commands by saving the text as a
•
configuration file, uploading the configuration file to the server through Secure FTP (SFTP), and then
using the configuration file to restart the server.
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see
Configuring the device as an SSH server
SSH server configuration task list
Complete the following tasks to configure an SSH server:
Task
Generating a DSA or RSA key pair
Enabling the SSH server function
Configuring the user interfaces for SSH clients
Configuring a client public key
Configuring an SSH user
Setting the SSH management parameters
Generating a DSA or RSA key pair
In the key and algorithm negotiation stage, the DSA or RSA key pair is required to generate the session
ID and for the client to authenticate the server.
Follow these steps to generate a DSA or RSA key pair on the SSH server:
To do...
Enter system view
Generate a DSA or RSA key pair
Remarks
Required
Required
Required
Required for publickey authentication users and
optional for password authentication users
Optional
Optional
Use the command...
system-view
public-key local create { dsa | rsa }
245
"Configuring
FIPS") and non-FIPS mode.
Remarks
—
Required
By default, neither DSA key pair
nor RSA key pair exists.