R2511-HP MSR Router Series Security Configuration Guide(V5)

that receives from the server. If the digital signatures are consistent, the authentication succeeds.
The public-key local create rsa command generates a server RSA key pair and a host RSA key pair. Each
of the key pairs consists of a public key and a private key. The public key in the server key pair of the SSH
server is used in SSH1 to encrypt the session key for secure transmission of the key. As SSH2 uses the DH
algorithm to generate the session key on the SSH server and client respectively, no session key
transmission is required in SSH2 and the server key pair is not used.
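The difference described above, shown as an added Python illustration that is not part of the HP guide: in the SSH1 model the client's session key crosses the network encrypted under the server public key, while in the SSH2 model each side computes the key from DH public values. The primes, generator, and function names are constructed toy assumptions, and no SSH wire format or padding is modelled.

```python
# Added illustration (not from the HP guide). Toy numbers only, no SSH framing.
import secrets

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P1 = 2**127 - 1
P2 = 2**89 - 1


def ssh1_style_transport():
    """SSH1 model: the client picks the session key and sends it RSA-encrypted."""
    n, e = P1 * P2, 65537                    # server public key (textbook RSA)
    d = pow(e, -1, (P1 - 1) * (P2 - 1))      # server private key
    session_key = secrets.randbits(128)      # chosen by the client alone
    on_wire = pow(session_key, e, n)         # the encrypted key is transmitted
    recovered = pow(on_wire, d, n)           # server decrypts with its private key
    return session_key, on_wire, recovered


def ssh2_style_agreement():
    """SSH2 model: DH. Each side computes the key; only public values are sent."""
    p, g = P1, 3                             # toy group (assumption)
    a = secrets.randbelow(p - 3) + 2         # client secret, never transmitted
    b = secrets.randbelow(p - 3) + 2         # server secret, never transmitted
    A, B = pow(g, a, p), pow(g, b, p)        # the only values on the wire
    client_key = pow(B, a, p)                # computed on the client
    server_key = pow(A, b, p)                # computed on the server
    return (A, B), client_key, server_key


if __name__ == "__main__":
    key, wire, got = ssh1_style_transport()
    print("SSH1 model: server recovered the transmitted key:", got == key)
    _, ck, sk = ssh2_style_agreement()
    print("SSH2 model: both sides derived the same key:", ck == sk)
```

In the SSH2 model no RSA key is needed to carry the session key, which is why the server key pair goes unused there; the host key pair is still what the digital signature check relies on.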
The public-key local create dsa command generates only the host key pair. SSH1 does not support the
DSA algorithm.
To support SSH clients that use different types of key pairs, generate both DSA and RSA key pairs on the
SSH server.
To generate local DSA or RSA key pairs on the SSH server:

Step                                Command                                  Remarks
1. Enter system view.               system-view                              N/A
2. Generate DSA or RSA key pairs.   public-key local create { dsa | rsa }    By default, neither DSA key pair nor RSA key pairs exist. The dsa keyword is not supported in FIPS mode.

Enabling the SSH server function

The SSH server function on the device allows clients to communicate with the device through SSH.
When the device acts as an SCP server, only one SCP user is allowed to access the SCP server at one
time.
To enable the SSH server function:

Step                                  Command              Remarks
1. Enter system view.                 system-view          N/A
2. Enable the SSH server function.    ssh server enable    Disabled by default.

Enabling the SFTP server function

The SFTP server function enables clients to log in to the SFTP server through SFTP.
When the device functions as the SFTP server, only one client can access the SFTP server at one time.
To enable the SFTP server function:

Step                                   Command               Remarks
1. Enter system view.                  system-view           N/A
2. Enable the SFTP server function.    sftp server enable    Disabled by default.