R0106-HP MSR Router Series Security Configuration Guide(V7)
327
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Enable the SSH server to
support SSH1 clients.
ssh server compatible-ssh1x
enable
By default, the SSH server supports
SSH1 clients.
This command is not available in
FIPS mode.
3. Set the RSA server key pair
update interval.
ssh server rekey-interval hours
By default, the RSA server key pair
is not updated.
This command is not available in
FIPS mode.
4. Set the SSH user authentication
timeout period.
ssh server authentication-timeout
time-out-value
The default setting is 60 seconds.
5. Set the maximum number of
SSH authentication attempts.
ssh server authentication-retries
times
The default setting is 3.
6. Configure an ACL filtering for
IPv4 SSH clients.
ssh server acl acl-number
By default, all IPv4 SSH users are
allowed to initiate connections with
the SSH server.
7. Configure an ACL filtering for
IPv6 SSH clients.
ssh server ipv6 acl [ ipv6 ]
acl-number
By default, all IPv6 SSH users are
allowed to initiate connections with
the SSH server.
8. Set the DSCP value in the IPv4
packets that the SSH server
sends to the SSH clients.
ssh server dscp dscp-value The default setting is 48.
9. Set the DSCP value in the IPv6
packets that the SSH server
sends to the SSH clients.
ssh server ipv6 dscp dscp-value The default setting is 48.
10. Configure the SFTP connection
idle timeout period.
sftp server idle-timeout
time-out-value
The default setting is 10 minutes.
11. Specify the maximum number
of concurrent online SSH users.
aaa session-limit ssh max-sessions
The default setting is 16.
Configuring the device as an Stelnet client
Stelnet client configuration task list
Tasks at a
g
lance
(Optional.) Specifying the source IP address for SSH packets
(Required.) Establishing a connection to an Stelnet server
Specifying the source IP address for SSH packets
HP recommends that you specify the IP address of the loopback or dialer interface as the source address
for SSH packets for the following purposes:
• Ensuring the communication between the Stelnet client and the Stelnet server.