connections with CEs in different VPNs that are enabled with the SSH server function to implement secure
access to the CEs and secure transfer of log file.
Figure 90 Network diagram
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see "Configuring FIPS") and non-FIPS mode.
Configuring the switch as an SSH server
SSH server configuration task list
Task | Remarks
Generating DSA or RSA key pairs | Optional
Enabling the SSH server function | Required
Configuring the user interfaces for SSH clients | Required
Configuring a client public key | Required for publickey authentication users and optional for password authentication users
Configuring an SSH user | Optional
Setting the SSH management parameters | Optional
Setting the DSCP value for packets sent by the SSH server | Optional
Generating DSA or RSA key pairs
In the key and algorithm negotiation stage, the DSA or RSA key pairs are used to generate the session
key and session ID and for the client to authenticate the server.
Configuration guidelines
• To support SSH clients that use different types of key pairs, generate both DSA and RSA key pairs
on the SSH server.
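The role of the host key pair described under "Generating DSA or RSA key pairs", shown as an added example (not code from this guide or from the switch software). It assumes SSH2 with a SHA-1 based Diffie-Hellman exchange as specified in RFC 4253 section 8: the server's public host key K_S is hashed into the exchange hash H, H from the first exchange becomes the session ID, and the server signs H with its host private key. All version strings, KEXINIT payloads, DH values and host key blobs below are constructed placeholders.

```python
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length, then the raw bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for a non-negative integer (0x00 pad if the high bit is set)."""
    if n == 0:
        return struct.pack(">I", 0)
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k) -> bytes:
    """H = SHA-1(V_C || V_S || I_C || I_S || K_S || e || f || K), RFC 4253 section 8."""
    blob = b"".join([
        ssh_string(v_c), ssh_string(v_s),   # client and server version strings
        ssh_string(i_c), ssh_string(i_s),   # client and server KEXINIT payloads
        ssh_string(k_s),                    # server public host key (RSA or DSA)
        ssh_mpint(e), ssh_mpint(f),         # DH public values
        ssh_mpint(k),                       # DH shared secret
    ])
    return hashlib.sha1(blob).digest()

# Constructed sample values, not a real capture.
SAMPLE = dict(
    v_c=b"SSH-2.0-ExampleClient_1.0",
    v_s=b"SSH-2.0-ExampleServer_1.0",
    i_c=b"\x14" + b"constructed client KEXINIT payload",
    i_s=b"\x14" + b"constructed server KEXINIT payload",
    e=0x1234567890ABCDEF, f=0xFEDCBA0987654321, k=0x0F1E2D3C4B5A6978,
)
# Placeholder host key blobs: real ones carry the RSA or DSA public key fields.
RSA_HOST_KEY = ssh_string(b"ssh-rsa") + b"<constructed RSA public key fields>"
DSA_HOST_KEY = ssh_string(b"ssh-dss") + b"<constructed DSA public key fields>"

def session_id(host_key_blob: bytes) -> bytes:
    """Session ID = exchange hash of the first key exchange on the connection."""
    return exchange_hash(k_s=host_key_blob, **SAMPLE)

if __name__ == "__main__":
    for name, blob in (("rsa", RSA_HOST_KEY), ("dsa", DSA_HOST_KEY)):
        print(name, session_id(blob).hex())
```

Because K_S is an input to H, a server presenting a different host key produces a different session ID, and its signature over H verifies only against the public key the client already trusts for that server.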