H3C S7500 Series Operation Manual page 825

Operation Manual – SSH Terminal Service
H3C S7500 Series Ethernet Switches
Caution:
When SSH protocol is supported in the current user interface, to ensure a
successful login, you must use the authentication-mode scheme command to
configure the AAA authentication for login to the user interface.
The protocol
authentication-mode password command or the authentication-mode none
command. When you configure SSH protocol successfully for the user interface,
then you cannot configure the authentication-mode password command or the
authentication-mode none command any more.
II. Generating or destroying RSA key pairs
This configuration task is used to generate or destroy the RSA key pairs on the server
end. Generating RSA key pairs on the server end is a prerequisite for SSH login. After
you execute this command, the system will prompt you to specify the key length in bits.
The length range is from 512 bits to 2048 bits, and defaults to 1024 bits. If there already
exist key pairs, the system will prompt you whether to replace the old ones.
Note:
Server RSA key pairs (H3C_Server) is not used in SSH2.0; therefore, when the rsa
local-key-pair create command is executed, the system only prompts you the host
RSA key pair (H3C_Host) is generated, and does not inform you the information about
the server RSA key pair even if the server RSA key pair is generated in the background
for the purpose of SSH1.x compatibility. You can use the display rsa local-key-pair
public command to display the generated key pairs.
Table 1-3 Generate or destroy RSA key pairs
Enter system view
Generate a local RSA key pair
Destroy a local RSA key pair
inbound ssh configuration fails if you configured the
To do...
Chapter 1 SSH Terminal Service Configuration
Use the command...
system-view
rsa local-key-pair create
rsa local-key-pair destroy
1-4
Remarks
—
Required
Optional