SSH authentication methods
When the device acts as an SSH server, it supports the following authentication methods:
Password authentication—The SSH server authenticates a client through the AAA mechanism. In
password authentication, an SSH client encrypts and encapsulates its username and password into
an authentication request, and sends the request to the server. After receiving the request, the SSH
server decrypts the request to get the username and password in plain text, checks the validity of
the username and password locally or through a remote AAA server, and then informs the client of the
If the remote AAA server requires the user to enter a password for secondary authentication, it
sends the SSH server an authentication response carrying a prompt. The prompt is transparently
transmitted to the client to notify the user to enter a specific password. After the user enters the
correct password and passes the validity check by the remote AAA server, the SSH server returns an
authentication success message to the client.
For more information about AAA, see
SSH1 clients do not support secondary password authentication that is initiated by the AAA server.
Publickey authentication—The server authenticates a client by its digital signature. In publickey
authentication, a client sends the server a publickey authentication request that contains its
username, public key, and the publickey algorithm. The server checks whether the public key is valid.
If the public key is invalid, the authentication fails. Otherwise, the server authenticates the client by
the digital signature. Finally, the server informs the client of the authentication result. The device
supports the public key algorithms RSA and DSA for digital signatures.
For more information about public key configuration, see
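An added example (not HP's code and not part of the original guide): the server-side key validity check described above, written in Python against the publickey request layout defined in RFC 4252. The account name, the sample key blob, and the `authorized` table are constructed for illustration; verifying the signature itself is left to a cryptographic library and is not shown.

```python
import struct

SSH_MSG_USERAUTH_REQUEST = 50            # message number from RFC 4252
SUPPORTED_ALGS = {b"ssh-rsa", b"ssh-dss"}  # RSA and DSA, as stated above

def ssh_string(data):
    """Encode an SSH string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, off=0):
    """Decode one SSH string at off; return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("string runs past end of packet")
    return buf[off + 4:end], end

def parse_publickey_request(payload):
    """Split a publickey USERAUTH_REQUEST into the fields the server checks."""
    if payload[:1] != bytes([SSH_MSG_USERAUTH_REQUEST]):
        raise ValueError("not a USERAUTH_REQUEST")
    user, off = read_string(payload, 1)
    _service, off = read_string(payload, off)
    method, off = read_string(payload, off)
    if method != b"publickey" or off >= len(payload):
        raise ValueError("not a well-formed publickey request")
    has_sig = payload[off] != 0          # FALSE = query only, TRUE = signed
    alg, off = read_string(payload, off + 1)
    blob, off = read_string(payload, off)
    sig = read_string(payload, off)[0] if has_sig else None
    return {"user": user, "alg": alg, "blob": blob, "sig": sig,
            "blob_alg": read_string(blob)[0]}  # key blob names its own type

def server_decision(req, authorized):
    """Key validity check that precedes signature verification."""
    if req["alg"] not in SUPPORTED_ALGS or req["blob_alg"] != req["alg"]:
        return "FAILURE"                 # unsupported or mismatched algorithm
    if req["blob"] not in authorized.get(req["user"], set()):
        return "FAILURE"                 # key not configured for this user
    return "VERIFY_SIGNATURE" if req["sig"] is not None else "PK_OK"

def build_request(user, alg, blob, sig=None):
    """Build a constructed sample request (client side) for the demo."""
    msg = bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user)
    msg += ssh_string(b"ssh-connection") + ssh_string(b"publickey")
    msg += bytes([sig is not None]) + ssh_string(alg) + ssh_string(blob)
    return msg + (ssh_string(sig) if sig is not None else b"")

# Constructed, non-functional key blob: type name, exponent, short fake modulus
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xab" * 8)
```

A request without a signature is only a query, so a configured key yields `PK_OK`; the client then repeats the request with a signature, which the server must verify before reporting success.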
The two parties use the DH exchange algorithm to dynamically generate
the session key for protecting data transfer and the session ID for
identifying the SSH connection. In this stage, the client authenticates the
server as well.

The SSH server authenticates the client in response to the client's

After passing the authentication, the client sends a session request to the
server to request the establishment of a session (or request the Stelnet,
SFTP, or SCP service).

After the server grants the request, the client and the server start to
communicate with each other in the session.

In this stage, you can paste commands in text format and execute them
at the CLI. The text pasted at one time must be no more than 2000 bytes.
HP recommends that you paste commands in the same view. Otherwise,
the server might not be able to correctly execute the commands.

To execute commands of more than 2000 bytes, save the commands in
a configuration file, upload it to the server through SFTP, and use it to
restart the server.