R21xx-HP FlexFabric 11900 Security Configuration Guide
84
Ste
p
Command
Remarks
2. Enable the SSH server to
support SSH1 clients.
ssh server compatible-ssh1x
enable
By default, the SSH server supports
SSH1 clients.
This command is not available in
FIPS mode.
3. Set the RSA server key pair
update interval.
ssh server rekey-interval hours
By default, the RSA server key pair
is not updated.
This command is not available in
FIPS mode.
4. Set the SSH user
authentication timeout period.
ssh server authentication-timeout
time-out-value
The default setting is 60 seconds.
5. Set the maximum number of
SSH authentication attempts.
ssh server authentication-retries
times
The default setting is 3.
6. Configure an ACL for IPv4
SSH clients.
ssh server acl acl-number
By default, all IPv4 SSH users are
allowed to initiate connections with
the SSH server.
7. Configure an ACL for IPv6
SSH clients.
ssh server ipv6 acl [ ipv6 ]
acl-number
By default, all IPv6 SSH users are
allowed to initiate connections with
the SSH server.
8. Configure the SFTP
connection idle timeout
period.
sftp server idle-timeout
time-out-value
The default setting is 10 minutes.
Configuring the device as an Stelnet client
Stelnet client configuration task list
Tasks at a
g
lance
(Optional.) Specifying a source IP address or source interface for the Stelnet client
(Required.) Establishing a connection to an Stelnet server
Specifying a source IP address or source interface for the
Stelnet client
By default, an Stelnet client uses the IP address of the outbound interface specified by the route to the
Stelnet server when communicating with the Stelnet server. You can specify a source IP address or source
interface for the client to communicate with the server. To make sure the Stelnet client and the Stelnet
server can communicate with each other, and to improve the manageability of Stelnet clients in the
authentication service, HP recommends you to specify a loopback interface as the source interface.
To specify a source IP address or source interface for the Stelnet client: