Fips Compliance; Configuring The Device As An Ssh Server; Ssh Server Configuration Task List; Generating A Dsa Or Rsa Key Pair - HP 5120 SI Series Security Configuration Manual

NOTE:
In the interaction stage, you can execute commands from the client by pasting the commands in text
•
format—the text must be within 2000 bytes. The commands should be in the same view. Otherwise, the
server might not be able to perform the commands correctly.
If the command text exceeds 2000 bytes, you can execute the commands by saving the text as a
•
configuration file, uploading the configuration file to the server through Secure FTP (SFTP), and then
using the configuration file to restart the server.

FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see

Configuring the device as an SSH server

SSH server configuration task list

Complete the following tasks to configure an SSH server:
Task

Generating a DSA or RSA key pair

Enabling the SSH server function
Configuring the user interfaces for SSH clients
Configuring a client public key
Configuring an SSH user
Setting the SSH management parameters
Generating a DSA or RSA key pair
In the key and algorithm negotiation stage, the DSA or RSA key pair is required to generate the session
ID and for the client to authenticate the server.
Follow these steps to generate a DSA or RSA key pair on the SSH server:
To do...
Enter system view
Generate a DSA or RSA key pair
Remarks
Required
Required
Required
Required for publickey authentication users and
optional for password authentication users
Optional
Optional
Use the command...
system-view
public-key local create { dsa | rsa }
245
"Configuring FIPS") and non-FIPS mode.
Remarks
—
Required
By default, neither DSA key pair
nor RSA key pair exists.