HP VPN Firewall Appliances System Management and Maintenance Configuration Guide
171
Ste
p
Command
Remarks
2. Generate DSA or RSA key
pairs.
public-key local create { dsa | rsa }
By default, neither DSA key pair
nor RSA key pairs exist.
NOTE:
In FIPS mode, the router does not support a DSA key pair.
Enabling the SSH server function
The SSH server function on the device allows clients to communicate with the device through SSH.
When the device acts as an SCP server, only one SCP user is allowed to access to the SCP server at one
time.
To enable the SSH server function:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the SSH server
function.
ssh server enable
Disabled by default.
Enabling the SFTP server function
This SFTP server function enables clients to log in to the SFTP server through SFTP.
When the device functions as the SFTP server, only one client can access the SFTP server at one time, and
the SFTP server has no restriction on the user privilege level.
To enable the SFTP server function:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the SFTP server
function.
sftp server enable Disabled by default.
Configuring the user interfaces for SSH clients
An SSH client accesses the device through a VTY user interface. You must configure the user interfaces for
SSH clients to allow SSH login. The configuration takes effect only on the clients logging in after the
configuration.
IMPORTANT:
Before you configure a user interface to support SSH, you must configure its authentication mode to
scheme. Otherwise, the protocol inbound command fails.
To configure the user interfaces for SSH clients: