F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices System Management and Maintenance Configuration Guide-6PW100

| Step | Command | Remarks |
|---|---|---|
| 5. Return to public key view and save the configured host public key. | public-key-code end | When you exit public key code view, the system automatically saves the public key. |
| 6. Return to system view. | peer-public-key end | N/A |
Importing a client public key from a public key file
| Step | Command |
|---|---|
| 1. Enter system view. | system-view |
| 2. Import the public key from a public key file. | public-key peer keyname import sshkey filename |
For more information about client public key configuration, see VPN Configuration Guide.
Configuring an SSH user
To configure an SSH user that uses publickey authentication, you must perform the procedure in this
section.
To configure an SSH user that uses password authentication, whether together with publickey
authentication or not, you must configure a local user account by using the local-user command for local
authentication, or configure an SSH user account on an authentication server, for example, a RADIUS
server, for remote authentication.
For password-only SSH users, you do not need to perform the procedure in this section to configure them
unless you want to use the display ssh user-information command to display all SSH users, including the
password-only SSH users, for centralized management.
Configuration guidelines
You can set the service type to Stelnet, SFTP, or SCP.
You can enable one of the following authentication modes for the SSH user:
  - Password—The user must pass password authentication.
  - Publickey authentication—The user must pass publickey authentication.
  - Password-publickey authentication—As an SSH2.0 user, the user must pass both password and
    publickey authentication. As an SSH1 user, the user must pass either password or publickey
    authentication.
  - Any—The user can use either password authentication or publickey authentication.
All authentication methods, except password authentication, require a client's host public key or
digital certificate to be specified.
  - If a client directly sends the user's public key information to the server, the server must specify the
    client's public key and the specified public key must already exist. For more information about
    public keys, see "Configuring a client's host public key."
  - If a client sends the user's public key information to the server through a digital certificate, the
    server must specify the PKI domain for verifying the client certificate. For more information about
    configuring a PKI domain, see VPN Configuration Guide. To make sure the authorized SSH
    users pass the authentication, the specified PKI domain must have the proper CA certificate.
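
The following Python example is added here and is not from the HP guide. It applies the authentication-mode rules above to a login attempt and audits SSH user entries against the public key and PKI domain requirements. The SshUser record, the ssh1_allowed flag, and the sample user and key names are assumptions constructed for illustration.

```python
from typing import NamedTuple, Optional

MODES = {"password", "publickey", "password-publickey", "any"}

class SshUser(NamedTuple):           # hypothetical record, not a device data structure
    name: str
    mode: str                        # one of MODES
    publickey: Optional[str] = None  # name of the client's host public key
    pki_domain: Optional[str] = None # PKI domain used to verify a client certificate

def auth_passes(mode, ssh_version, password_ok, publickey_ok):
    """Apply the mode rules from the guidelines to one login attempt."""
    if mode not in MODES:
        raise ValueError(f"unknown authentication mode: {mode}")
    if mode == "password":
        return password_ok
    if mode == "publickey":
        return publickey_ok
    if mode == "password-publickey" and ssh_version == 2:
        return password_ok and publickey_ok
    # "any", and password-publickey for an SSH1 user: either method suffices
    return password_ok or publickey_ok

def audit(users, known_keys, ssh1_allowed):
    """Return (user, finding) pairs for entries that conflict with the guidelines."""
    findings = []
    for u in users:
        if u.mode != "password":
            if not (u.publickey or u.pki_domain):
                findings.append((u.name, "no public key or PKI domain specified"))
            elif u.publickey and u.publickey not in known_keys:
                findings.append((u.name, f"public key '{u.publickey}' does not exist"))
        if u.mode == "password-publickey" and ssh1_allowed:
            findings.append((u.name, "SSH1 login needs only one of password/publickey"))
    return findings

# Constructed sample data (assumed names, not taken from the guide)
USERS = [
    SshUser("admin1", "password-publickey", publickey="key1"),
    SshUser("ops1", "publickey", publickey="missingkey"),
    SshUser("audit1", "any"),
    SshUser("guest1", "password"),
]
KNOWN_KEYS = {"key1"}

if __name__ == "__main__":
    for name, finding in audit(USERS, KNOWN_KEYS, ssh1_allowed=True):
        print(f"{name}: {finding}")
```

With ssh1_allowed set to True, admin1 is reported because a password-publickey user who connects as an SSH1 user is held to one factor instead of two.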