R21xx-HP FlexFabric 11900 Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products

151

152

153

154

155

156

157

158

159

160

149

faults, use the specified Loopback interface as the source interface, and either IP address of the two

interfaces as the source IP address.

interface interface-type interface-number: Specifies a source interface by its type and number. The

primary IPv4 address of this interface is the source IP address to send packets.

ip ip-address: Specifies a source IPv4 address.

Usage guidelines

When the server adopts publickey authentication to authenticate a client, the client must get the local

private key for digital signature. Because publickey authentication uses either RSA or DSA algorithm, you

must specify a public key algorithm (by using the identity-key keyword) in order to get the correct data

for the local private key.

Examples

# Establish a connection to the IPv4 Stelnet server (3.3.3.3) and specify the public key of the server as

svkey. The Stelnet client uses publickey authentication. Use the following algorithms:

• The preferred key exchange algorithm is dh-group14.

• The preferred server-to-client encryption algorithm is aes128.

• The preferred client-to-server HMAC algorithm is sha1.

• The preferred server-to-client HMAC algorithm is sha1-96.

• The preferred compression algorithm between the server and client is zlib.

<Sysname> ssh2 3.3.3.3 prefer-kex dh-group14 prefer-stoc-cipher aes128 prefer-ctos-hmac

sha1 prefer-stoc-hmac sha1-96 prefer-compress zlib publickey svkey

ssh2 ipv6

Use ssh2 ipv6 to establish a connection to an IPv6 Stelnet server.

Syntax

In non-FIPS mode:

ssh2 ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ -i interface-type interface-number ]

[ identity-key { dsa | rsa } | prefer-compress zlib | prefer-ctos-cipher { 3des | aes128 | aes256 | des }

| prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1

| dh-group14 } | prefer-stoc-cipher { 3des | aes128 | aes256 | des } | prefer-stoc-hmac { md5 |

md5-96 | sha1 | sha1-96 }] * [ publickey keyname | source { interface interface-type interface-number

| ipv6 ipv6-address } ] *

In FIPS mode:

ssh2 ipv6 server [ port-number ] [ vpn

-instance vpn-instance-name ] [ -i interface-type interface-number ]

[ identity-key { dsa | rsa } | prefer-compress zlib | prefer-ctos-cipher { aes128 | aes256 } |

prefer-ctos-hmac { sha1 | sha1-96 } | prefer-kex dh-group14 | prefer-stoc-cipher { aes128 | aes256 }

| prefer-stoc-hmac { sha1 | sha1-96 }] * [ publickey keyname | source { interface interface-type

interface-number | ipv6 ipv6-address } ] *

Views

User view

Predefined user roles

network-admin