Configuring The Device As An Ssh Server; Ssh Server Configuration Task List; Generating Local Key Pairs - HP 5920 Series Configuration Manual
Hide thumbs
Also See for 5920 Series:
- Command reference manual (607 pages) ,
- Configuration manual (322 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
Configuring the device as an SSH server
SSH server configuration task list
Tasks at a glance
(Optional.)
(Required.)
(Required.)
(Required.)
(Required.)
(Required.)
Configuring the PKI domain for verifying the client
certificate
(Required/optional.)
(Optional.)
Generating local key pairs
The DSA, RSA, or ECDSA key pairs are required for generating the session key and session ID in the key
exchange stage. They can also be used by a client to authenticate the server. When a client tries to
authenticate the server, it compares the public key that it receives from the server with the server public
key that it saved locally. If the keys are consistent, the client uses the locally saved server's public key to
decrypt the digital signature received from the server. If the decryption succeeds, the server passes the
authentication.
Configuration restrictions and guidelines
When you generate local key pairs, follow these restrictions and guidelines:
To support SSH clients that use different types of key pairs, generate DSA, RSA, and ECDSA key
•
pairs on the SSH server.
SSH supports ECDSA key pairs in Release 231 1P04 and later versions.
•
The SSH server operating in FIPS mode supports only RSA and ECDSA key pairs. Do not generate
•
the local DSA key pair when the device operates as an SSH server in FIPS mode.
SSH supports locally generated DSA, RSA, and ECDSA key pairs only with default names. For more
•
information about the commands that are used to generate keys, see Security Command Reference.
Generating local key pairs
Enabling the SSH server function
Enabling the SFTP server function
Configuring NETCONF over SSH
Configuring the user lines for SSH login
Configuring a client's host public key
Configuring an SSH user
Setting the SSH management parameters
Remarks
N/A
Required for Stelnet and SCP servers.
Required for SFTP servers.
Required for NETCONF-over-SSH servers.
Required for Stelnet and NETCONF-over-SSH
servers.
Required if the authentication method is publickey,
password-publickey, or any.
See
"Configuring
Required if publickey authentication is configured
for users and if the clients send the public keys to
the server through digital certificates for validity
check.
The PKI domain must have the CA certificate to
verify the client certificate.
Required if the authentication method is publickey,
password-publickey, or any.
Optional if the authentication method is password.
N/A
272
PKI."
- Quick Links:
- Configuration Guide
- Configuring Local Users
Hide quick links:
Table of Contents
Troubleshooting
