R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
152
To set the SSH management parameters:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the SSH server to
support SSH1 clients.
ssh server compatible-ssh1x
enable
Optional.
By default, the SSH server supports
SSH1 clients.
3. Set the RSA server key pair
update interval.
ssh server rekey-interval hours
Optional.
0 by default. That is, the RSA server
key pair is not updated.
4. Set the SSH user
authentication timeout period.
ssh server authentication-timeout
time-out-value
Optional.
60 seconds by default.
5. Set the maximum number of
SSH authentication attempts.
ssh server authentication-retries
times
Optional.
3 by default.
NOTE:
A
uthentication will fail if
t
he number of authentication attempts (including both publickey and password
authentication) exceeds that specified in the ssh server authentication-retries command.
Configuring the firewall as an SSH client
SSH client configuration task list
Task Remarks
Specifying a source IP address/interface for the SSH client Optional
Configuring whether first-time authentication is supported Optional
Establishing a connection between an SSH client and the server Required
Specifying a source IP address/interface for the SSH client
This configuration task allows you to specify a source IP address or interface for the client to access the
SSH server, improving service manageability.
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Specify a source IP address
or interface for the SSH
client.
• Specify a source IPv4 address or interface for
the SSH client:
ssh client source { ip ip-address | interface
interface-type interface-number }
• Specify a source IPv6 address or interface for
the SSH client:
ssh client ipv6 source { ipv6 ipv6-address |
interface interface-type interface-number }
By default, an SSH
client uses the IP
address of the
outbound interface
defined by the route
to the SSH server to
access the SSH
server.