CAUTION: If the supported protocol configured in the user interface is SSH, make
sure to configure the authentication mode for logging into the user interface to
authentication-mode scheme (using AAA authentication mode).
If the authentication mode is configured as authentication-mode password or
authentication-mode none, the configuration of protocol inbound ssh will
fail, and vice versa.
2 Generating an RSA key pair
Use this configuration task to generate or destroy an RSA key pair (including the
host key and server key) of the server. The naming conventions for the keys are
switchname + _host and switchname + _server respectively.
After this command is entered, the system prompts you to input the number of
the key pair bits. Pay attention to the following:
The host key and the server key must have a difference of at least 128 bits in
■
length.
The minimum and maximum lengths for the host key and the server key are
■
512 bits and 2048 bits respectively.
Perform the following configuration in system view.
Table 345 Generate an RSA key pair
Operation
Generate an RSA key pair
Destroy an RSA key pair
CAUTION:
Generating the RSA key pair of the server is the first step to perform after SSH
■
login.
This command needs to be performed only once; you need not re-perform it
■
after rebooting the switch.
If a key pair exists before the configuration, a prompt will appear asking if you
■
want to replace it.
3 Configuring the user authentication mode
Use this configuration task to specify the authentication mode for an SSH user.
You must specify an authentication mode for a new user; otherwise, the new user
will not be able to log in.
Perform the following configuration in system view.
Table 346 Configure the authentication mode for an SSH user
Operation
Configure the authentication mode for
an SSH user
Restore the default unable-to-login
mode
SSH Terminal Service
Command
rsa local-key-pair create
rsa local-key-pair destroy
Command
ssh user username authentication-type
{ password | rsa | password-publickey |
all }
undo ssh user username
authentication-type
315