H3C S7500 Series Ethernet Switches Operation Manual

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-4

Caution:

z When SSH protocol is supported in the current user interface, to ensure a

successful login, you must use the authentication-mode scheme command to

configure the AAA authentication for login to the user interface.

z The protocol inbound ssh configuration fails if you configured the

authentication-mode password command or the authentication-mode none

command. When you configure SSH protocol successfully for the user interface,

then you cannot configure the authentication-mode password command or the

authentication-mode none command any more.

II. Generating or destroying RSA key pairs

This configuration task is used to generate or destroy the RSA key pairs on the server

end. Generating RSA key pairs on the server end is a prerequisite for SSH login. After

you execute this command, the system will prompt you to specify the key length in bits.

The length range is from 512 bits to 2048 bits, and defaults to 1024 bits. If there already

exist key pairs, the system will prompt you whether to replace the old ones.

 Note:

Server RSA key pairs (H3C_Server) is not used in SSH2.0; therefore, when the rsa

local-key-pair create command is executed, the system only prompts you the host

RSA key pair (H3C_Host) is generated, and does not inform you the information about

the server RSA key pair even if the server RSA key pair is generated in the background

for the purpose of SSH1.x compatibility. You can use the display rsa local-key-pair

public command to display the generated key pairs.

Table 1-3 Generate or destroy RSA key pairs

To do... Use the command... Remarks

Enter system view

system-view

—

Generate a local RSA key pair

rsa local-key-pair create

Required

Destroy a local RSA key pair

rsa local-key-pair destroy

Optional