F3215-HP Load Balancing Module System Management Configuration Guide-6PW101

Table 7 SSH server and client requirements

| Device role | Requirements |
|---|---|
| SSH server | Assign an IP address to a Layer 3 interface, and make sure the interface and the client can reach each other. By default, the LB module has the IP address 192.168.0.1/24 configured for the interface GigabitEthernet 0/1. Configure the authentication mode and other settings. |
| SSH client | If a host operates as an SSH client, run the SSH client program on the host. Obtain the IP address of the Layer 3 interface on the server. |

To control SSH access to the LB module operating as an SSH server, configure authentication and user
privilege level for SSH users.
Configuring the SSH server on the LB module
When scheme authentication is used, you can choose to configure the command authorization and
command accounting functions.
If command authorization is enabled, a command is available only if the user has the commensurate user
privilege level and is authorized to use the command by the AAA scheme.
Command accounting allows the HWTACACS server to record all commands executed by users,
regardless of command execution results. This function helps control and monitor user behaviors on the
LB module. If command accounting is enabled and command authorization is not enabled, every
executed command is recorded on the HWTACACS server. If both command accounting and command
authorization are enabled, only the authorized and executed commands are recorded on the
HWTACACS server.
Follow these guidelines when you configure the SSH server:
- To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.
- If the local authentication scheme is used, use the authorization-attribute level level command in local user view to set the user privilege level on the LB module.
- If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the RADIUS or HWTACACS server.
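
The following audit script is an added example, not part of the original guide or of HP's tooling. It checks a saved configuration against the first guideline above and against the requirement that command authorization and accounting are used with scheme authentication. The configuration lines it looks for (authentication-mode scheme, command authorization, command accounting, and the domain-view lines authorization command hwtacacs-scheme and accounting command hwtacacs-scheme) are Comware-style syntax assumed here, not shown on this page; the domain name system and the scheme name tac1 are constructed sample values.

```python
import re

# Constructed sample in Comware-style syntax (assumed, not taken from the guide).
SAMPLE = """\
domain system
 authorization login hwtacacs-scheme tac1
 accounting command hwtacacs-scheme tac1
#
user-interface vty 0 4
 authentication-mode scheme
 command authorization
 command accounting
#
user-interface vty 5 15
 authentication-mode password
 command accounting
"""

def sections(cfg):
    """Group indented lines under the unindented line that opens each view."""
    out, head = {}, None
    for line in cfg.splitlines():
        if not line.strip() or line.strip() == "#":
            continue
        if line[0] != " ":
            head = line.strip()
            out[head] = []
        elif head:
            out[head].append(line.strip())
    return out

def audit(cfg, domain="system"):
    """Flag VTY views whose command authorization/accounting cannot take effect."""
    sec = sections(cfg)
    dom = sec.get(f"domain {domain}", [])
    findings = []
    for head, body in sec.items():
        if not head.startswith("user-interface vty"):
            continue
        for feat in ("authorization", "accounting"):
            if f"command {feat}" not in body:
                continue
            if "authentication-mode scheme" not in body:
                findings.append(f"{head}: command {feat} without scheme authentication")
            if not any(re.match(rf"{feat} command hwtacacs-scheme \S+", l) for l in dom):
                findings.append(f"{head}: command {feat} has no HWTACACS scheme in domain {domain}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

In the sample, the domain applies HWTACACS to login authorization but not to command authorization, so the first VTY range is flagged even though a scheme is configured.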
The SSH client authentication method is password in this configuration procedure. For more information
about SSH and publickey authentication, see Security Configuration Guide.
To configure the SSH server on the LB module:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create local key pairs. | public-key local create rsa | By default, no local key pairs are created. |
| 3. Enable SSH server. | ssh server enable | By default, SSH server is disabled. |
| 4. Enter one or multiple VTY user interface views. | user-interface vty first-number [ last-number ] | N/A |