3com 3031 Instruccion De Instalación
Secure Shell (SSH)
113
CAUTION: If the system is configured to support SSH, you must configure the
user interface authentication mode as
user interface authentication mode as
authentication-mode scheme default
(after aaa is enabled) see “Configuration procedure” on page 116. SSH will fail
otherwise.
otherwise.
Configuring local RSA
Key Pair
This configuration is used to generate the local server and host key pair. If there
has been RSA now, the system will ask whether to replace the former key. The
naming modes of generated key pairs go as follows respectively: router name
+server and router name +host. The server key differs in 128 digits at least from
host key. The minimum length of server and host key is 512 bits and the maximum
length is 2048 bits.
has been RSA now, the system will ask whether to replace the former key. The
naming modes of generated key pairs go as follows respectively: router name
+server and router name +host. The server key differs in 128 digits at least from
host key. The minimum length of server and host key is 512 bits and the maximum
length is 2048 bits.
Perform the following operation in system view.
CAUTION: The primary operation to accomplish SSH login is to configure and
generate local RSA key pair. Before performing other SSH configurations, you
must accomplish the configuration of the
generate local RSA key pair. Before performing other SSH configurations, you
must accomplish the configuration of the
rsa local-key-pair create
command to generate local key pair. It is necessary to execute this command only
once and it is unnecessary to execute again after the router resets.
once and it is unnecessary to execute again after the router resets.
Configuring
Authentication Mode
for SSH User
This configuration is used to specify the authentication mode for SSH user. The
authentication mode must be specified for the new users, or they will not be able
to login. For creating one new SSH user, refer to the application of the
authentication mode must be specified for the new users, or they will not be able
to login. For creating one new SSH user, refer to the application of the
local-user
configured authentication mode will take effect in the next login.
Perform the following in the System View.
Setting the Update Time
of Server Key
This configuration is used to set the update time of server key to ensure the
security of SSH connection farthest.
security of SSH connection farthest.
Perform the following in the System View.
Table 117 Setting the protocols supported by system in user interface
Operation
Command
Set the protocols supported by
system in user interface
system in user interface
protocol inbound { all | ssh | telnet }
Table 118 Configuring and removing local RSA key pair
Operation
Command
Generate local RSA key pair
rsa local-key-pair create
Remove local RSA key pair
rsa local-key-pair destroy
Table 119 Configuring authentication mode for SSH user
Operation
Command
Configure authentication mode for
SSH users
SSH users
ssh user username authentication-type {
password | RSA | all }
password | RSA | all }
Restore the default system
authentication mode that login will
be denied always.
authentication mode that login will
be denied always.
undo ssh user username
authentication-type
authentication-type