R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
136
Enabling SSH server
Follow these steps to enable SSH server:
To do… Use the command…
Remarks
Enter system view system-view —
Enable the SSH server function ssh server enable
Required
Disabled by default
Configuring the user interfaces for SSH clients
An SSH client accesses the device through a VTY user interface. Therefore, you must configure the user
interfaces for SSH clients to allow SSH login. The configuration takes effect only for clients logging in
after the configuration.
Follow these steps to configure the protocols for the current user interface to support:
To do… Use the command…
Remarks
Enter system view system-view —
Enter user interface view of one
or more user interfaces
user-interface vty number
[ ending-number ]
—
Set the login authentication
mode to scheme
authentication-mode scheme
[ command-authorization ]
Required
By default, the authentication mode is
password.
Configure the user interface(s) to
support SSH login
protocol inbound { all | ssh }
Optional
All protocols are supported by default.
NOTE:
• If you configure a user interface to support SSH, be sure to configure the correspondin
g
authentication
method with the authentication-mode scheme command.
• For a user interface configured to support SSH, you cannot chan
g
e the authentication mode. To chan
g
e
the authentication mode, undo the SSH support configuration first.
Configuring a client public key
NOTE:
This configuration task is only necessary for SSH users using publickey authentication.
For each SSH user that uses publickey authentication to login, you must configure the client’s DSA or RSA
host public key on the server, and configure the client to use the corresponding private key.
To configure the public key of an SSH client, you can:
• Configure it manually: You can input or copy the public key to the local host. The copied public key
must have not been converted and be in the distinguished encoding rules (DER) encoding format.