R3303-HP HSR6800 Routers Security Configuration Guide

The public-key local create dsa command generates only the host key pair. SSH1 does not support the
DSA algorithm.
To support SSH clients that use different types of key pairs, generate both DSA and RSA key pairs on the
SSH server.
In FIPS mode, the DSA algorithm is not available.
To generate local DSA or RSA key pairs on the SSH server:
Step                                Command                                 Remarks
1. Enter system view.               system-view                             N/A
2. Generate DSA or RSA key pairs.   public-key local create { dsa | rsa }   By default, neither the DSA key pair nor the RSA key pairs exist.
Enabling the SSH server function
The SSH server function on the device allows clients to communicate with the device through SSH.
When the device acts as an SCP server, only one SCP user is allowed to access the SCP server at one
time.
To enable the SSH server function:
Step                                Command             Remarks
1. Enter system view.               system-view         N/A
2. Enable the SSH server function.  ssh server enable   Disabled by default.
Enabling the SFTP server function
The SFTP server function enables clients to log in to the SFTP server through SFTP.
When the device functions as the SFTP server, only one client can access the SFTP server at one time.
To enable the SFTP server function:
Step                                 Command              Remarks
1. Enter system view.                system-view          N/A
2. Enable the SFTP server function.  sftp server enable   Disabled by default.
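The three procedures above combined into one session, as an added example that is not part of the original guide. The device name Sysname in the prompts is an assumed placeholder, and command output and interactive prompts are omitted.

```text
# Enter system view.
<Sysname> system-view

# Generate both key pair types so that SSH clients using either type can connect.
# RSA first; SSH1 clients cannot use DSA.
[Sysname] public-key local create rsa

# DSA generates only the host key pair. Skip this command in FIPS mode,
# where the DSA algorithm is not available.
[Sysname] public-key local create dsa

# Enable the SSH server function (disabled by default).
[Sysname] ssh server enable

# Enable the SFTP server function (disabled by default).
# Only one client can access the SFTP server at one time.
[Sysname] sftp server enable
```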
Configuring the user interfaces for SSH clients
An SSH client accesses the device through a VTY user interface. You must configure the user interfaces for
SSH clients to allow SSH login. The configuration takes effect only for clients that log in after it is
applied.