• To support SSH clients that use different types of key pairs, generate DSA, RSA, and ECDSA key pairs on the SSH server.
• The SSH server operating in FIPS mode supports only RSA and ECDSA key pairs.
• The public-key local create rsa command generates a server key pair and a host key pair for RSA. In SSH1, the public key in the server key pair is used to encrypt the session key for secure transmission of the session key. Because SSH2 uses the DH algorithm to generate each session key on the SSH server and the client, no session key transmission is required. The server key pair is not used in SSH2.
• The public-key local create dsa command generates only a DSA host key pair. SSH1 does not support the DSA algorithm.
• The key modulus length must be less than 2048 bits when you use the public-key local create dsa command on the SSH server.
• The public-key local create ecdsa secp256r1 command generates only an ECDSA host key pair.
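The key-type rules above can be checked against the host public keys a server presents. The following Python code is an added example, not part of the original guide or the device software: it parses OpenSSH-format public key lines (RFC 4253 encoding), reports each key's algorithm and size, and lists the keys a FIPS-mode server would not support. All function names and the sample keys are constructed for illustration.

```python
import base64
import struct

# Host key algorithms an SSH server in FIPS mode supports, per the text above.
FIPS_ALLOWED = {"ssh-rsa", "ecdsa-sha2-nistp256"}

def read_string(blob, off):
    """Read one RFC 4253 string (4-byte big-endian length + data)."""
    end = off + 4 + struct.unpack(">I", blob[off:off + 4])[0]
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def inspect_host_key(line):
    """Return (algorithm, size in bits) for an OpenSSH-format public key line."""
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    name, off = read_string(blob, 0)
    alg = name.decode("ascii")
    if alg != declared:
        raise ValueError("label does not match key blob")
    if alg == "ssh-rsa":                      # fields: e, n
        _, off = read_string(blob, off)
        n, _ = read_string(blob, off)
        return alg, int.from_bytes(n, "big").bit_length()
    if alg == "ssh-dss":                      # fields: p, q, g, y
        p, _ = read_string(blob, off)
        return alg, int.from_bytes(p, "big").bit_length()
    if alg == "ecdsa-sha2-nistp256":          # fields: curve name, point Q
        return alg, 256
    raise ValueError("unsupported key type: " + alg)

def fips_findings(lines):
    """Algorithms of host keys that a FIPS-mode server would not support."""
    return [a for a, _ in map(inspect_host_key, lines) if a not in FIPS_ALLOWED]

# Constructed sample keys: structurally valid blobs, not usable key material.
def field(b):
    return struct.pack(">I", len(b)) + b
def mpint(i):  # positive mpint: big-endian, zero byte prepended if high bit set
    return field(i.to_bytes(i.bit_length() // 8 + 1, "big"))
def key_line(alg, *fields):
    return alg + " " + base64.b64encode(field(alg.encode()) + b"".join(fields)).decode()

SAMPLE_KEYS = [
    key_line("ssh-rsa", mpint(65537), mpint((1 << 2047) | 1)),
    key_line("ssh-dss", mpint((1 << 1023) | 1), mpint((1 << 159) | 1), mpint(2), mpint(3)),
    key_line("ecdsa-sha2-nistp256", field(b"nistp256"), field(b"\x04" + bytes(64))),
]
```

Calling fips_findings on the constructed samples returns only the DSA key, matching the FIPS-mode restriction stated above.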
Configuration procedure
To generate local key pairs on the SSH server:
Step                            Command                                                  Remarks
1. Enter system view.           system-view                                              N/A
2. Generate local key pairs.    public-key local create { dsa | ecdsa secp256r1 | rsa }  By default, no local key pairs exist.

Enabling the Stelnet server
After you enable the Stelnet server on the device, clients can log in to the device through Stelnet.
To enable the Stelnet server:

Step                            Command              Remarks
1. Enter system view.           system-view          N/A
2. Enable the Stelnet server.   ssh server enable    By default, the Stelnet server is disabled.

Enabling the SFTP server
After you enable the SFTP server on the device, clients can log in to the device through SFTP.
The device that acts as an SFTP server does not support SFTP connections initiated by SSH1 clients.
To enable the SFTP server:

Step                            Command              Remarks
1. Enter system view.           system-view          N/A
2. Enable the SFTP server.      sftp server enable   By default, the SFTP server is disabled.