R211x-HP Flexfabric 11900 Security Configuration Guide
• Importing the host public key—You can upload the client's public key file (in binary) to the server,
for example, through FTP or TFTP, and import the host public key from the public key file. During the
import process, the server automatically converts the host public key in the public key file to a string
in PKCS format.
HP recommends that you configure no more than 20 SSH client host public keys on an SSH server.
To manually configure a client's host public key:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter public key view. | public-key peer keyname | N/A |
| 3. Configure a client's host public key. | Enter the content of the host public key | When you enter the contents for a host public key, you can use spaces and carriage returns between characters. When you save the host public key, spaces and carriage returns are removed automatically. For more information, see "Managing public keys." |
| 4. Return to system view. | peer-public-key end | N/A |
To import a client's host public key from a public key file:
| Step | Command |
|---|---|
| 1. Enter system view. | system-view |
| 2. Import a client's public key from a public key file. | public-key peer keyname import sshkey filename |
Configuring an SSH user
To configure an SSH user that uses publickey authentication, perform the procedure in this section.
If the authentication method is publickey, you must create an SSH user and a local user on the server. To
get the correct working directory and user role, the local user must have the same username as the SSH
user.
If the authentication method is password-publickey or any, you must create an SSH user and perform
one of the following tasks:
• For local authentication, configure a local user by using the local-user command.
• For remote authentication, configure an SSH user on a remote authentication server, for example, a
RADIUS server.
In either case, the local user or the SSH user configured for remote authentication must have the same
username as the SSH user.
If the authentication method is password, you do not need to create an SSH user or local user. However,
if you want to display all SSH users, including the password-only SSH users, for centralized management,
you can use this command to create them. If such an SSH user has been created, make sure you have
specified the correct service type and authentication method.
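
Added example (not from the HP guide): an offline audit of a saved configuration against two rules stated above, the 20-key recommendation and the requirement that a publickey SSH user has a local user with the same username. The configuration text is constructed, and the "local-user" and "ssh user ... assign publickey" line syntax, along with the assigned-key cross-check, are assumptions about how the device prints its configuration.

```python
import re

# Constructed sample configuration, not taken from the guide. The "local-user"
# and "ssh user ... assign publickey" line syntax is an assumption; adjust the
# patterns to what your device prints. Key bodies are placeholders.
SAMPLE_CONFIG = """\
public-key peer alice-key
 <constructed key body>
 peer-public-key end
public-key peer bob-key
 <constructed key body>
 peer-public-key end
local-user alice class manage
ssh user alice service-type stelnet authentication-type publickey assign publickey alice-key
ssh user bob service-type stelnet authentication-type publickey assign publickey bob-key
ssh user carol service-type stelnet authentication-type password-publickey assign publickey missing-key
ssh user dave service-type stelnet authentication-type password
"""

MAX_PEER_KEYS = 20  # ceiling recommended by the guide for one SSH server

PEER_RE = re.compile(r"^public-key peer (\S+)", re.M)
LOCAL_RE = re.compile(r"^local-user (\S+)", re.M)
SSH_RE = re.compile(
    r"^ssh user (\S+) .*?authentication-type (\S+)(?: assign publickey (\S+))?", re.M)

def audit(config):
    """Return a list of findings for one saved configuration."""
    peers = set(PEER_RE.findall(config))
    local_users = set(LOCAL_RE.findall(config))
    findings = []
    if len(peers) > MAX_PEER_KEYS:
        findings.append(f"{len(peers)} peer public keys; guide recommends at most {MAX_PEER_KEYS}")
    for user, method, key in SSH_RE.findall(config):
        if user not in local_users:
            if method == "publickey":
                findings.append(f"{user}: publickey auth but no same-named local user")
            elif method in ("password-publickey", "any"):
                findings.append(f"{user}: {method} auth, no local user; check the remote authentication server")
        # Assumed cross-check: an assigned key name should exist as a peer key.
        if key and key not in peers:
            findings.append(f"{user}: assigned key '{key}' is not a configured peer key")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print(line)
```

Password-only users such as "dave" produce no finding, because the guide does not require an SSH user or local user for that method.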










