HP VPN Firewall Appliances System Management and Maintenance Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

171

172

173

174

175

176

177

178

179

180

170

SSH server configuration task list

Task Remarks

Generating local DSA or RSA key pairs Required.

Enabling the SSH server function Required for Stelnet, SFTP, and SCP servers.

Enabling the SFTP server function Required only for SFTP server.

Configuring the user interfaces for SSH clients Required.

Configuring a client's host public key

Required if both of the following conditions exist:

• Publickey authentication is configured for users.

• The clients directly send the public keys to the

server for validity check.

Configuring the PKI domain of the client certificate

See VPN Configuration Guide.

Required if both of the following conditions exist:

• Publickey authentication is configured for users.

• The clients send the public keys to the server

through digital certificates for validity check.

The PKI domain must have the CA certificate to verify

the client certificate.

Configuring an SSH user

Required for publickey authentication users and

optional for other authentication users.

Setting the SSH management parameters Optional.

Generating local DSA or RSA key pairs

DSA or RSA key pairs are required for generating the session key and session ID in the key exchange

stage, and can also be used by a client to authenticate the server. When a client tries to communicate

with a server, it compares the public key that it receives from the server with the server public key that it

saved locally. If the keys are consistent, the client uses the public key to authenticate the digital signature

that receives from the server. If the digital signatures are consistent, the authentication succeeds. If the

digital signatures are consistent, the authentication succeeds.

The public-key local create rsa command generates a server RSA key pair and a host RSA key pair. Each

of the key pairs consists of a public key and a private key. The public key in the server key pair of the SSH

server is used in SSH1 to encrypt the session key for secure transmission of the key. As SSH2 uses the DH

algorithm to generate the session key on the SSH server and client respectively, no session key

transmission is required in SSH2 and the server key pair is not used.

The public-key local create dsa command generates only the host key pair. SSH1 does not support the

DSA algorithm.

To support SSH clients that use different types of key pairs, generate both DSA and RSA key pairs on the

SSH server.

To generate local DSA or RSA key pairs on the SSH server:

Ste

Command

Remarks

1. Enter system view.

system-view N/A