Publickey authentication
The server authenticates a client by verifying the digital signature of the client. The publickey
authentication process is as follows:
1.
The client sends the server a publickey authentication request that includes the username,
public key, and public key algorithm name.
If the digital certificate of the client is required in authentication, the client also encapsulates the
digital certificate in the authentication request. The digital certificate carries the public key
information of the client.
2.
The server verifies the client's public key.
If the public key is invalid, the server informs the client of the authentication failure.
If the public key is valid, the server requests the digital signature of the client. After receiving
the signature, the server uses the public key to verify the signature and informs the client of
the authentication result.
When acting as an SSH server, the device supports using the public key algorithms DSA, ECDSA,
and RSA to verify digital signatures.
When acting as an SSH client, the device supports using the public key algorithms DSA, ECDSA,
and RSA to generate digital signatures.
For more information about public key configuration, see "Managing public keys."
Password-publickey authentication
The server requires SSH2 clients to pass both password authentication and publickey
authentication. However, an SSH1 client only needs to pass either authentication.
Any authentication
The server requires clients to pass password authentication or publickey authentication.
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see "Configuring FIPS."
Configuring the device as an SSH server
SSH server configuration task list
Tasks at a glance
(Required.)
(Required.)
(Required.)
(Required.)
(Required.)
(Required.)
(Required.)
Generating local key pairs
Enabling the Stelnet server
Enabling the SFTP server
Enabling the SCP server
Enabling NETCONF over SSH
Configuring the user lines for SSH login
Configuring a client's host public key
Remarks
N/A
Required only for Stelnet servers.
Required only for SFTP servers.
Required only for SCP servers.
Required only for NETCONF-over-SSH servers.
Required
NETCONF-over-SSH servers.
Required
if
publickey, password-publickey, or any.
462
only
for
Stelnet
the
authentication
method
and
is
Need help?
Do you have a question about the FlexNetwork MSR Series and is the answer not in the manual?