3Com Switch 7750 Configuration Guide

SSH Terminal Services
For the password-publickey authentication type: SSH1 client users can access the switch as long as they pass one of the two authentications. SSH2.0 client users can access the switch only when they pass both authentications.

For password authentication, the username must be consistent with the effective username defined in AAA; for RSA authentication, the username is the SSH local username, so there is no need to configure a local user in AAA.

Configuring server SSH attributes

Configuring the server's SSH authentication timeout time, retry times, server key update interval and SSH compatibility mode can effectively secure SSH connections by preventing illegal actions such as malicious password guessing.

Configuring a Client Public Key

You can configure RSA public keys for client users on the switch and specify the corresponding RSA private keys on the client. The client public keys are generated randomly by the SSH2.0 client. This operation is not required for the password authentication type.

Alternatively, you can import the RSA public key of an SSH user from a public key file. When the rsa peer-public-key keyname import sshkey filename command is executed, the system converts the public key file created on the client into the Public Key Cryptography Standards (PKCS) format and configures the client public key automatically. Before this configuration, the client must upload the public key file of the RSA key to the server by using FTP/TFTP.
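
The format conversion described above can be illustrated offline. The following is an added example, not 3Com code and not the switch's implementation: it assumes the client file is an OpenSSH one-line "ssh-rsa" public key and takes "PKCS format" to mean a DER-encoded PKCS#1 RSAPublicKey. All function names are hypothetical, and the sample key is constructed from toy numbers.

```python
import base64

def read_field(blob, pos):
    """Read one length-prefixed field (RFC 4251 string/mpint); return (data, next_pos)."""
    length = int.from_bytes(blob[pos:pos + 4], "big")
    end = pos + 4 + length
    if pos + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated field in key blob")
    return blob[pos + 4:end], end

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(value):
    """DER INTEGER of a non-negative value; the extra bit keeps the sign positive."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def openssh_rsa_to_pkcs1(line):
    """Convert 'ssh-rsa <base64> [comment]' to a DER PKCS#1 RSAPublicKey."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an OpenSSH RSA public key line")
    blob = base64.b64decode(parts[1], validate=True)
    key_type, pos = read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("blob key type does not match its label")
    e_raw, pos = read_field(blob, pos)   # wire order is exponent, then modulus
    n_raw, pos = read_field(blob, pos)
    if pos != len(blob):
        raise ValueError("trailing bytes after modulus")
    # PKCS#1 order is the reverse: SEQUENCE { modulus, publicExponent }
    body = der_int(int.from_bytes(n_raw, "big")) + der_int(int.from_bytes(e_raw, "big"))
    return b"\x30" + der_len(len(body)) + body

def sample_key_line(n, e):
    """Constructed sample input: OpenSSH-style line for toy values, not a real key."""
    fields = [b"ssh-rsa"] + [v.to_bytes(v.bit_length() // 8 + 1, "big") for v in (e, n)]
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    print(openssh_rsa_to_pkcs1(sample_key_line(3233, 17)).hex())
```

The strict checks (matching key type, no trailing bytes, no truncated fields) matter here because the imported file is the sole basis for authenticating that user; a key file that fails them should be rejected rather than partially parsed.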

Table 613 Configure server SSH attributes

Operation                                     Command                                  Description
--------------------------------------------  ---------------------------------------  -----------
Enter system view                             system-view                              -
Set SSH authentication timeout time           ssh server timeout seconds               Optional. The timeout time defaults to 60 seconds.
Set SSH authentication retry times            ssh server authentication-retries times  Optional. The retry times defaults to 3.
Set server keys update interval               ssh server rekey-interval                Optional. By default, the system does not update server keys.
Set SSH server compatible with SSH1.x client  ssh server compatible-ssh1x enable       Optional. By default, SSH server is compatible with SSH1.x client.

Table 614 Configure client public keys

Operation                                     Command                                  Description
--------------------------------------------  ---------------------------------------  -----------
Enter system view                             system-view                              -
Enter public key view                         rsa peer-public-key key-name             Required