R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
139
To do… Use the command…
Remarks
Enter system view system-view —
Enable the SSH server to support
SSH1 clients
ssh server compatible-ssh1x
enable
Optional
By default, the SSH server supports
SSH1 clients.
Set the RSA server key pair update
interval
ssh server rekey-interval hours
Optional
0 by default, that is, the RSA server
key pair is not updated.
Set the SSH user authentication
timeout period
ssh server authentication-timeout
time-out-value
Optional
60 seconds by default
Set the maximum number of SSH
authentication attempts
ssh server authentication-retries
times
Optional
3 by default
NOTE:
A
uthentication will fail if
t
he number of authentication attempts (including both publickey and password
authentication) exceeds that specified in the ssh server authentication-retries command.
Configuring the firewall as an SSH client
SSH client configuration task list
Complete the following tasks to configure an SSH client:
Task Remarks
Specifying a source IP address/interface for the SSH client Optional
Configuring whether first-time authentication is supported Optional
Establishing a connection between the SSH client and the server Required
Specifying a source IP address/interface for the SSH client
This configuration task allows you to specify a source IP address or interface for the client to access the
SSH server, improving service manageability.
To do… Use the command…
Remarks
Enter system view system-view —
Specify a
source IP
address or
interface for the
SSH client
Specify a source IPv4 address
or interface for the SSH client
ssh client source { ip ip-address |
interface interface-type
interface-number }
Required
By default, the
address of the
interface decided
by the routing is
used to access the
SSH server
Specify a source IPv6 address
or interface for the SSH client
ssh client ipv6 source { ipv6
ipv6-address | interface
interface-type interface-number }