Table of Contents
Advertisement
<SwitchA> ssh2 192.168.1.40
Username: client002
Press CTRL+C to abort.
Connecting to 192.168.1.40 port 22.
The server is not authenticated. Continue? [Y/N]:y
Do you want to save the server public key? [Y/N]:n
client002@192.168.1.40's password:
Enter a character ~ and a dot to abort.
******************************************************************************
* Copyright (c) 2010-2015 Hewlett Packard Enterprise Development LP
* Without the owner's prior written consent,
* no decompiling or reverse-engineering shall be allowed.
******************************************************************************
<SwitchB>
Select Yes to access the server and download the server's host public key. At the next
connection attempt, the client authenticates the server by using the saved server's host public
key on the client.
Stelnet configuration example based on 128-bit Suite B
algorithms
Network requirements
As shown in
•
Switch A acts as an Stelnet client (SSH2).
•
Switch B acts as the Stelnet server (SSH2), and it uses publickey authentication.
•
Switch B uses the following algorithms for the algorithm negotiation with the Stelnet client:
Key exchange algorithm ecdh-sha2-nistp256.
Encryption algorithm aes128-gcm.
Public key algorithms x509v3-ecdsa-sha2-nistp256 and x509v3-ecdsa-sha2-nistp384.
Configure Switch A to establish an Stelnet connection to Switch B based on the 128-bit Suite B
algorithms. After the connection is established, you can log in to Switch B to configure and manage
Switch B.
Figure 106 Network diagram
Configuration procedure
1.
Generate the client's certificate and the server's certificate. (Details not shown.)
You must first configure the certificates of the server and the client because they are required
for identity authentication between the two parties.
In this example, the server's certificate file is ssh-server-ecdsa256.p12 and the client's
certificate file is ssh-client-ecdsa256.p12.
Figure
106:
360
*
*
*
Advertisement
Table of Contents
Troubleshooting
