3Com Switch 8800 Advanced Software V5 Configuration Guide
Configuring the SSH Server 941
c
CAUTION:
■ If you configure a user interface to support SSH, be sure to configure the
corresponding authentication method with the authentication-mode
scheme command.
■ For a user interface configured to support SSH, you cannot configure the
authentication-mode password command and the authentication-mode
none command.
Creating/Destroying/Exp
orting RSA Keys
For successful SSH login, you must create the RSA key pairs first.
With SSH enabled, users still cannot log into the server through SSH if neither RSA
host key pair nor server key pair is generated.
You can display the created RSA host public key on the screen in a specified
format, or export it to a specified file for use when configuring the key at a remote
site.
Follow these steps to create, destroy, or export the host key pair and server key
pair:
c
CAUTION:
■ The configuration of the rsa local-key-pair create command can survive a
reboot. You only need to configure it once.
■ For a server key and host key, the minimum length is 512 bits, and the
maximum length is 2,048 bits. In SSH2, some clients require that the keys
generated on the server should be at least 768 bits in length.
■ If you have configured a key pair, the system prompts whether you want to
overwrite this key pair when you try to configure another key pair.
Configuring
Authentication Mode
for SSH Users
A newly configured authentication mode will take effect when users log in next
time.
Follow these steps to configure the authentication mode for SSH users.
To do... Use the command... Remarks
Enter system view system-view -
Generate an RSA host key pair
and server key pair
rsa local-key-pair create Required
Destroy an RSA host key pair
and server key pair
rsa local-key-pair destroy Required
Display RSA host public keys
in the screen in a specified
format or export RSA host
public keys to a specified file
rsa local-key-pair export {
ssh1 | ssh2 | openssh } [
filename ]
Required
Available in any view
To do... Use the command... Remarks
Enter system system-view -