R0106-HP MSR Router Series Security Configuration Guide(V7)
323
Configuration procedure
To generate local DSA or RSA key pairs on the SSH server:
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Generate local DSA or RSA key
pairs.
public-key local create { dsa | rsa }
By default, both DSA and RSA key
pairs do not exist.
Enabling the SSH server function
The SSH server function on the device allows clients to communicate with the device through SSH.
The device that acts as an SSH server does not support SFTP or SCP connection initiated by an SSH1
client.
To enable the SSH server function:
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Enable the SSH server function.
ssh server enable
By default, the SSH server function
is disabled.
Enabling the SFTP server function
This SFTP server function enables clients to log in to the device through SFTP.
To enable the SFTP server function:
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Enable the SFTP server
function.
sftp server enable
By default, the SFTP server function
is disabled.
Configuring the user lines for Stelnet clients
Depending on the SSH application, an SSH client can be an Stelnet, SFTP, or SCP client.
The Stelnet client accesses the device through a VTY user line. You must configure the user lines for Stelnet
clients to allow login. The configuration takes effect only on the clients at the next login.
The SFTP or SCP client accesses the device without using a VTY user line.
To configure the user lines for Stelnet clients:
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Enter VTY user line view.
line vty number [ ending-number ]
N/A