R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101

Configuring a client public key manually
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter public key view. | public-key peer keyname | N/A
3. Enter public key code view. | public-key-code begin | N/A
4. Configure a client public key. | Enter the content of the public key | Spaces and carriage returns are allowed between characters.
5. Return from public key code view to public key view. | public-key-code end | When you exit public key code view, the system automatically saves the public key.
6. Return from public key view to system view. | peer-public-key end | N/A
Importing a client public key from a public key file
Step | Command
1. Enter system view. | system-view
2. Import the public key from a public key file. | public-key peer keyname import sshkey filename
For more information about client public key configuration, see VPN Command Reference.
Configuring an SSH user
This configuration allows you to create an SSH user and specify the service type and authentication
method.
Configuration guidelines
When you perform the procedure in this section to configure an SSH user, follow these guidelines:
• You can set the service type to Stelnet, SFTP, or all.
• You can enable one of the following authentication modes for the SSH user:
  ○ Password—The user must pass password authentication.
  ○ Publickey authentication—The user must pass publickey authentication.
  ○ Password-publickey authentication—As an SSH2.0 user, the user must pass both password and publickey authentication. As an SSH1 user, the user must pass either password or publickey authentication.
  ○ Any—The user can use either password authentication or publickey authentication.
• If publickey authentication, whether with password authentication or not, is used, the command level accessible to the user is set by the user privilege level command on the user interface. If only password authentication is used, the command level accessible to the user is authorized by AAA.
• A user without an SSH account can still pass password authentication and log in to the server through Stelnet or SFTP, as long as the user can pass AAA authentication and the service type is SSH.
• An SSH server supports up to 1024 SSH users.
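The authentication modes and command-level rules in the guidelines above can be checked with a small policy model that lists, for each mode and SSH version, the smallest set of credentials that is enough to log in. This is an added example, not part of the HP guide or the device software; the function names and the "passed" set are hypothetical and encode only the rules stated above.

```python
from itertools import combinations

METHODS = ("password", "publickey")
MODES = ("password", "publickey", "password-publickey", "any")


def login_allowed(mode, ssh_version, passed):
    """True if a client that passed the methods in `passed` is accepted."""
    if mode not in MODES or ssh_version not in (1, 2):
        raise ValueError("unknown mode or SSH version")
    pw, pk = "password" in passed, "publickey" in passed
    if mode == "password":
        return pw
    if mode == "publickey":
        return pk
    if mode == "password-publickey" and ssh_version == 2:
        return pw and pk          # SSH2.0 user: both are required
    return pw or pk               # "any", or password-publickey for an SSH1 user


def command_level_source(passed):
    """Where the accessible command level comes from after login."""
    if not passed:
        raise ValueError("no authentication method was used")
    # Publickey used (with or without password): user interface setting.
    # Password only: authorized by AAA.
    return "user interface" if "publickey" in passed else "AAA"


def minimal_credential_sets(mode, ssh_version):
    """Smallest sets of credentials that are sufficient to log in."""
    winning = [set(c) for n in (1, 2) for c in combinations(METHODS, n)
               if login_allowed(mode, ssh_version, set(c))]
    return [s for s in winning if not any(other < s for other in winning)]


def audit():
    """(mode, version, minimal sets) for every combination, for review."""
    return [(m, v, minimal_credential_sets(m, v)) for m in MODES for v in (1, 2)]


if __name__ == "__main__":
    for mode, version, sets in audit():
        note = "two factors" if all(len(s) == 2 for s in sets) else "one factor is enough"
        print(f"{mode:20} SSH{version}: {[sorted(s) for s in sets]}  ({note})")
```

Only password-publickey with an SSH2.0 user requires both credentials; the same mode with an SSH1 user is satisfied by either one.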