R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis

341

342

343

344

345

346

347

348

349

350

337

Task Command

Display the source IP address or source

interface information configured for the SFTP

client.

display sftp client source

Display the source IP address or source

interface information configured for the Stelnet

client.

display ssh client source

Display SSH server status information or session

information on an SSH server.

display ssh server { session | status }

Display SSH user information on the SSH

server.

display ssh user-information [ username ]

Display the public keys of the local key pairs.

display public-key local { dsa | rsa } public [ name

publickey-name ]

Display the public keys of the SSH peers. display public-key peer [ brief | name publickey-name ]

Stelnet configuration examples

Unless otherwise noted, devices in the configuration examples operate in non-FIPS mode.

If you configure an Stelnet server in FIPS mode, follow these guidelines:

• The modulus length of the key pair must be 2048 bits.

• Do not generate a DSA key pair on the Stelnet server. Only RSA key pairs are supported.

Password authentication enabled Stelnet server configuration

example

Network requirements

As shown in Figure 90:

• You can log in to the router through the Stelnet client (SSH2) that runs on the host.

• After login, you are assigned the user role network-admin for configuration management.

• The router acts as the Stelnet server and uses password authentication.

• The username and password of the client are saved on the router.

Figure 90 Network diagram

Configuration procedure

1. Configure the Stelnet server:

# Generate the RSA key pairs.

<Router> system-view

[Router] public-key local create rsa

Stelnet client Stelnet server

Host Router

192.168.1.56/24

GE2/1/1

192.168.1.40/24