H3C S3600 Series Operating instructions

Category
Networking
Type
Operating instructions
Operation Manual – SSH Terminal Service
H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents
Table of Contents
Chapter 1 SSH Terminal Service
1.1 SSH Terminal Service
1.1.1 Introduction to SSH
1.1.2 SSH Server Configuration
1.1.3 Configuring the SSH Client
1.1.4 Configuring the Device as an SSH Client
1.1.5 Displaying SSH Configuration
1.1.6 SSH Server Configuration Example
1.1.7 SSH Client Configuration Example
Chapter 2 SFTP Service
2.1 SFTP Service
2.1.1 Introduction to SFTP
2.1.2 SFTP Server Configuration
2.1.3 SFTP Client Configuration
2.1.4 SFTP Configuration Example
Chapter 1 SSH Terminal Service
1.1 SSH Terminal Service
1.1.1 Introduction to SSH
Secure shell (SSH) provides secure communication and powerful authentication for
remote user login to a switch over an insecure network, thus preventing attacks such
as IP address spoofing and plain-text password interception.
Acting as an SSH server, a switch allows for the connections of multiple SSH clients.
Through SSH Client, a user can establish a connection to a switch or UNIX host
running SSH Server.
Figure 1-1 and Figure 1-2 show two ways to establish an SSH connection between client
and server.
• Establishing SSH connection through a LAN
[Diagram not reproduced. Labels: 100BASE-TX, Ethernet, Server, Workstation, Laptop, PC, SSH Client, Switch, SSH Server]
Figure 1-1 Establish SSH connection through a LAN
• Establishing SSH connection through a WAN
[Diagram not reproduced. Labels: Local switch, Local Ethernet, WAN, Remote switch, Remote Ethernet, Server, Workstation, Laptop, PC, SSH Client, SSH Server]
Figure 1-2 Establish SSH connection through a WAN
Note:
At present, the device supports two SSH versions: SSH2 and SSH1. Unless otherwise
noted, SSH refers to SSH2 throughout this document.
The communication process between an SSH client and server goes through the
following five stages.
1) Version negotiation stage:
• The client sends a TCP connection request to the server.
• When a TCP connection is established, the two ends begin to negotiate an SSH
version.
• If the negotiation succeeds, they go to the key negotiation stage.
Otherwise the server terminates the TCP connection.
2) Key and algorithm negotiation stage:
• The server and the client send key algorithm negotiation packets to each other,
which include the supported server-side public key algorithm list, encryption
algorithm list, MAC algorithm list, and compression algorithm list.
• Based on the received algorithm negotiation packets, the server and the client
figure out the algorithms to be used.
• The server and the client use the DH key exchange algorithm and parameters
such as the host key pair to generate the session key and session ID.
Through the above steps, the server and the client get the same session key, which is
to be used to encrypt and decrypt data exchanged between the server and the client
later. The server and the client use the session ID in the authentication stage.
3) Authentication negotiation stage:
• The client sends its username information to the server.
• The server starts to authenticate the user. If the user is configured as having no
authentication on the server, the following step is skipped and the session request
stage starts directly.
• The server authenticates the user in some way (see the following note), until the
authentication succeeds or the connection is terminated due to authentication
timeout.
Note:
SSH provides two kinds of authentication: password authentication and RSA
authentication.
(1) Password authentication works as follows:
• The client sends the username and password to the server.
• The server compares the received username and password against those
configured locally. The user passes the authentication if the server finds a match for
both username and password.
(2) RSA authentication works as follows:
• Configure the RSA public key of the client at the server.
• The client sends the modulus of its RSA public key to the server.
• The server checks the validity of the modulus. If it is valid, the server
generates a random number, which is sent to the client after being encrypted with
the RSA public key of the client.
• Both the server and the client calculate authentication data by using the random
number and session ID.
• The client sends the authentication data it calculates to the server.
• The server compares the received authentication data with the authentication data
on itself. If they are identical, the authentication succeeds.
4) Session request stage. The client sends a session request to the server, which
processes the request and establishes a session.
5) Interactive session stage. Both ends exchange data until the session ends.
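The RSA authentication exchange from the note above, as an added Python example (not code from the manual or from H3C). It uses a constructed toy key without padding, and SHA-256 for the authentication data is an assumption, since the manual does not name the hash function.

```python
import hashlib
import hmac
import secrets

# Constructed toy client key built from the Mersenne primes 2^31-1 and 2^61-1.
# Real keys are 1,024 bits or longer and real SSH pads values before RSA.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q                                  # modulus, sent by the client
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, never leaves the client


def server_challenge(registered_n, offered_n):
    """Server: validate the offered modulus, then encrypt a random number."""
    if offered_n != registered_n:          # no such public key configured for the user
        return None
    number = secrets.randbelow(registered_n - 2) + 2
    return number, pow(number, E, registered_n)


def auth_data(number, session_id):
    """Both ends: derive the authentication data from random number and session ID.
    SHA-256 is an assumption; the manual does not say which hash is used."""
    return hashlib.sha256(number.to_bytes(16, "big") + session_id).digest()


def client_response(ciphertext, session_id):
    """Client: recover the random number with the private key and answer."""
    return auth_data(pow(ciphertext, D, N), session_id)


def server_verify(number, session_id, received):
    """Server: constant-time comparison with its own authentication data."""
    return hmac.compare_digest(auth_data(number, session_id), received)


def run_exchange(server_sid, client_sid, offered_n=N):
    """One authentication attempt; returns True when the server accepts."""
    challenge = server_challenge(N, offered_n)
    if challenge is None:
        return False
    number, ciphertext = challenge
    return server_verify(number, server_sid, client_response(ciphertext, client_sid))


if __name__ == "__main__":
    sid = secrets.token_bytes(16)          # session ID from the key negotiation stage
    print("same session      :", run_exchange(sid, sid))
    print("other session ID  :", run_exchange(sid, secrets.token_bytes(16)))
    print("unknown public key:", run_exchange(sid, sid, offered_n=N + 2))
```

The second case shows why the session ID enters the calculation: authentication data computed for one session is rejected in any other.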
1.1.2 SSH Server Configuration
The following table describes SSH Server configuration tasks.
Table 1-1 SSH2.0 Server configuration tasks
| Operation | Command | Related section |
|---|---|---|
| Configure user interface(s) to support specified protocol(s) | protocol inbound | Section "Configuring user interface(s) to support specified protocol(s)" |
| Generate local RSA key pairs | rsa local-key-pair create | Section "Generating or destroying local RSA key pairs" |
| Destroy local RSA key pairs | rsa local-key-pair destroy | Section "Generating or destroying local RSA key pairs" |
| Create an SSH user | ssh user username | Section "Create an SSH user" |
| Specify a default authentication type for SSH users | ssh authentication-type default | Section "Configuring authentication type for a user" |
| Configure authentication type for an SSH user | ssh user username authentication-type | Section "Configuring authentication type for a user" |
| Set SSH authentication timeout time | ssh server timeout | Section "Configuring SSH management" |
| Set SSH authentication retry times | ssh server authentication-retries | Section "Configuring SSH management" |
| Set server key update interval | ssh server rekey-interval | Section "Configuring SSH management" |
| Configure SSH server to be compatible with SSH1.x clients | ssh server compatible-ssh1x enable | Section "Configuring SSH management" |
| Configure a client public key for an SSH user | ssh user username assign rsa-key keyname | Section "Configuring a client public key for a user" |
I. Configuring user interface(s) to support specified protocol(s)
Table 1-2 Configure user interface(s) to support specified protocol(s)
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Enter the view of one or multiple user interfaces | user-interface [ type-keyword ] number [ ending-number ] | Required |
| Set the login authentication method | authentication-mode scheme [ command-authorization ] | Required |
| Configure the user interface(s) to support specified protocol(s) | protocol inbound { all \| ssh \| telnet } | Optional. By default, both Telnet and SSH are supported. |
Caution:
• If you have configured a user interface to support SSH protocol, to ensure a
successful login to the user interface, you must configure AAA authentication for the
user interface by using the authentication-mode scheme command.
• For a user interface, if you have executed the authentication-mode password or
authentication-mode none command, the protocol inbound ssh command
cannot be executed; if you have executed the protocol inbound ssh command,
neither the authentication-mode password nor the authentication-mode none
command can be executed.
II. Generating or destroying local RSA key pairs
This configuration task is used to generate or destroy the server's RSA key pairs, which
are named in the format of switch name plus "_Host", and switch name plus "_Server",
for example, H3C_Host and H3C_Server.
After you issue the rsa local-key-pair create command, the system prompts you to
input a key length.
• In SSH1.x, the key length is in the range of 512 to 2,048 (bits).
• In SSH2.0, the key length is in the range of 1,024 to 2,048 (bits). To keep
compatible with SSH1.x, SSH2.0 allows client keys to be 512 to 2,048 bits in
length. But the server's key length must not be shorter than 1,024 bits; otherwise,
clients cannot be authenticated.
Table 1-3 Generate or destroy local RSA key pairs
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Generate local RSA key pairs | rsa local-key-pair create | Required |
| Destroy local RSA key pairs | rsa local-key-pair destroy | Optional |
Caution:
• For a successful SSH login, you must first generate the RSA key pairs of the server.
• You just need to execute the rsa local-key-pair create command once, and need
not execute the command again after the system is rebooted.
• If you re-execute the rsa local-key-pair create command, the system will ask
whether you want to replace the original key pairs with new ones.
• For a fabric made up of multiple devices, you need to execute the rsa
local-key-pair create command on the management device to ensure that all
devices in the fabric have the same local RSA key pairs.
Note:
After the rsa local-key-pair create command is executed, you can execute the
display rsa local-key-pair public command, which will display:
• Two public keys (in H3C_Host and H3C_Server) if the switch works in
SSH1.x-compatible mode.
• Only one public key (in H3C_Host) if the switch works in SSH2.0 mode.
III. Create an SSH user
Table 1-4 Create an SSH user
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Create an SSH user | ssh user username | Required |
For an SSH user created by using this command, if you do not specify an
authentication type by using the ssh user authentication-type command for this user,
this SSH user adopts the default authentication type. On the other hand, if the default
authentication type is not specified, you need to specify an authentication type for this
SSH user.
IV. Configuring authentication type for a user
For a new user, you must specify the authentication type. Otherwise, the user cannot
access the switch.
Table 1-5 Configure authentication type for a user
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Specify a default authentication type for SSH users | ssh authentication-type default { password \| rsa \| password-publickey \| all } | At least one required. By default, no authentication type is specified for an SSH user, and the user cannot access the switch. |
| Configure authentication type for an SSH user | ssh user username authentication-type { password \| password-publickey \| rsa \| all } | At least one required. By default, no authentication type is specified for an SSH user, and the user cannot access the switch. |
Note that:
• The ssh authentication-type default command is used to configure the default
authentication type for all SSH users.
• The ssh user username authentication-type command is used to configure an
authentication type for a specific SSH user.
• When both commands are configured with different authentication types, for the
specific user (user specified by the username argument), the authentication type
specified by the ssh user username authentication-type command will take
effect instead of that specified for all SSH users.
Caution:
• If RSA authentication type is configured for a user, the RSA public key of the client
user must be configured on the switch.
• By default, no authentication type is specified for a new user, and the new user
cannot access the switch.
• For the password-publickey authentication type: SSH1 client users can access
the switch as long as they pass either of the two kinds of authentication. SSH2 client
users can access the switch only when they pass both kinds of authentication.
• For the password authentication type, username should be consistent with the
valid user name defined in AAA; for the RSA authentication type, username is the
SSH local user name, so that there is no need to configure a local user in AAA.
• If the default authentication type for SSH users is password and local AAA
authentication is adopted, you need not use the ssh user command to create an
SSH user. Instead, you can use the local-user command to create a user name
and its password and then set the service type of the user to SSH.
• If the default authentication type for SSH users is password and remote
authentication (RADIUS authentication, for example) is adopted, you need not use
the ssh user command to create an SSH user, because it is created on the remote
server. The user can use the username and password configured on the remote
server to access the network.
• If you use the ssh user username authentication-type command to specify an
authentication type for a nonexistent SSH user, the system will create the SSH user
automatically.
• If the RSA authentication type is specified, you can use the user privilege level
command to set the level of the commands available to the SSH users logging into
the server. Additionally, the command levels accessible to the users adopting RSA
authentication are the same.
• If the password authentication type is specified, the command levels accessible to
SSH users logging into the server are determined through AAA. In this case, the
command level may vary with users.
V. Configuring SSH management
The configuration of SSH management includes the setting of authentication timeout
time, authentication retry times, server key update interval, and SSH compatible mode.
After the configuration, the SSH management function is able to prevent illegal
activities such as malicious password guessing, thus ensuring the security of SSH
connections.
Table 1-6 Configure SSH management
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Set SSH authentication timeout time | ssh server timeout seconds | Optional. By default, the timeout time is 60 seconds. |
| Set SSH authentication retry times | ssh server authentication-retries times | Optional. By default, the number of retry times is 3. |
| Set server key update interval | ssh server rekey-interval hours | Optional. By default, the system does not update server keys. |
| Configure SSH server to be compatible with SSH1.x clients | ssh server compatible-ssh1x enable | Optional. By default, SSH server is compatible with SSH1.x clients. |
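A check for the last row of Table 1-6, as an added Python example (not from the manual): it reads the identification string an SSH server sends in the version negotiation stage, following RFC 4253, and reports servers that still accept SSH1.x clients. The host names and software version strings in the sample are constructed.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
IDENT_RE = re.compile(r"^SSH-([^-\s]+)-(\S+)(?: (.*))?$")


def parse_ident(text):
    """Return (protoversion, softwareversion, comments) or None.
    A server may send other lines before the identification string; skip them."""
    for line in text.splitlines():
        if line.startswith("SSH-"):
            if len(line) > 253:            # 255 characters including CR LF
                return None
            m = IDENT_RE.match(line)
            return (m.group(1), m.group(2), m.group(3) or "") if m else None
    return None


def accepted_versions(protoversion):
    """Protocol versions a server announcing this protoversion accepts."""
    if protoversion == "1.99":             # RFC 4253 section 5.1: SSH2 server in SSH1-compatible mode
        return {1, 2}
    try:
        major = int(protoversion.split(".")[0])
    except ValueError:
        return set()
    return {2} if major >= 2 else {1}


def negotiate(client_versions, protoversion):
    """Version negotiation result: the highest common version, or None when the
    negotiation fails and the server terminates the TCP connection."""
    common = set(client_versions) & accepted_versions(protoversion)
    return max(common) if common else None


def audit(banners):
    """Return [(host, finding)] for servers that need attention."""
    findings = []
    for host, text in sorted(banners.items()):
        ident = parse_ident(text)
        if ident is None:
            findings.append((host, "no valid identification string"))
        elif 1 in accepted_versions(ident[0]):
            findings.append((host, f"announces {ident[0]}: SSH1.x clients accepted"))
    return findings


# Constructed sample: first data received from TCP port 22 of three switches.
SAMPLE = {
    "sw-core-01": "SSH-2.0-ExampleSSHD_1.0\r\n",
    "sw-access-07": "Authorized use only\r\nSSH-1.99-ExampleSSHD_1.0 lab\r\n",
    "sw-access-09": "SSH-1.5-ExampleSSHD_0.9\r\n",
}

if __name__ == "__main__":
    for host, finding in audit(SAMPLE):
        print(host, "->", finding)
```

For users of the password-publickey type the finding matters because, as the Caution in the previous section states, an SSH1 client gains access after passing only one of the two authentications.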
VI. Configuring a client public key for a user
On the switch, you can configure a client public key (generated randomly on a client) for
a client user. This configuration is not required for password authentication type.
There are two methods to configure a client public key for a user.
1) Manual configuration
First, perform the following operations on a client:
• Use the SSH1.5/2.0 client software to randomly generate an RSA key pair.
• Use the SSHKEY.exe program to transform the public key in the RSA key pair to
PKCS (public-key cryptography standards) format.
Then, perform the following operations on the server:
Table 1-7 Configure client public key for a user
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Enter public key view | rsa peer-public-key keyname | Required |
| Enter public key edit view to input a client public key | public-key-code begin | - |
| Configure the client public key | Enter the content of the public key | Required. When you input the key data, spaces are allowed between the characters you input (because the system can remove the spaces automatically); you can also press <Enter> to continue your input at the next line. But the key you input should be a hexadecimal digit string coded in the public key format. |
| Return to public key view from public key edit view | public-key-code end | The system saves the public key data you input when exiting public key edit view. |
| Return to system view from public key view | peer-public-key end | - |
| Assign a client public key to an SSH user | ssh user username assign rsa-key keyname | Required. Keyname is the name of an existing public key. If the user has already been assigned with a public key, the newly assigned public key overwrites the old one. |
Note:
• The above method requires you to transform the format of the public key on the
client, and then manually configure the transformed public key on the server. So, the
method is relatively more complex.
• If you use the ssh user username assign rsa-key command to assign a public
key for a nonexistent SSH user, the system will create the SSH user automatically.
• When configuring the public key for a client manually, you can copy the local host
public key configuration on the client and then paste it to the server.
2) Automatic configuration
First, perform the following operations on a client:
• Use the SSH1.5/2.0 client software to randomly generate an RSA key pair.
• Use FTP/TFTP to transfer the corresponding public key file to the Flash memory of
the server.
Then, perform the following operations on the server:
Table 1-8 Automatic configuration
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Transform the format of the key in a client public key file and automatically configure a client public key on the server | rsa peer-public-key keyname import sshkey filename | filename must be consistent with the name of a public key file in the Flash memory. |
Note:
The above method does not require you to manually configure a public key. So the
method is relatively simple and is the recommended method.
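A pre-check for the hexadecimal key string entered in public key edit view under the manual method, as an added Python example (not from the manual). It assumes the PKCS format is a DER-encoded PKCS#1 RSAPublicKey (a SEQUENCE of modulus and public exponent) and compares the modulus length with the ranges given under "Generating or destroying local RSA key pairs"; the sample keys are constructed and not usable.

```python
def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length


def parse_public_key(text):
    """Decode the hex string into (modulus, exponent); raise ValueError if malformed."""
    digits = "".join(text.split())         # spaces and line breaks are allowed in the input
    try:
        der = bytes.fromhex(digits)
    except ValueError:
        raise ValueError("not a hexadecimal digit string") from None
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    values, pos = [], 0
    for _ in range(2):                     # INTEGER modulus, INTEGER public exponent
        tag, raw, pos = _read_tlv(body, pos)
        if tag != 0x02 or not raw or raw[0] & 0x80:
            raise ValueError("expected a positive DER INTEGER")
        values.append(int.from_bytes(raw, "big"))
    if pos != len(body):
        raise ValueError("unexpected data after the public exponent")
    return values[0], values[1]


def check_client_key(text):
    """Return (modulus_bits, findings) for a client public key."""
    n, e = parse_public_key(text)
    bits = n.bit_length()
    findings = []
    if not 512 <= bits <= 2048:
        findings.append("outside the 512 to 2,048 bit range allowed for client keys")
    elif bits < 1024:
        findings.append("shorter than the 1,024 bits required of the server key")
    if n % 2 == 0 or e % 2 == 0 or e < 3:
        findings.append("modulus or exponent cannot belong to a valid RSA key")
    return bits, findings


# Constructed samples (modulus 2^1023+1 and 2^511+1, exponent 65537): the right
# shape and length for the check, but not products of two primes.
SAMPLE_1024 = "308189 028181 00" + "80" + "00" * 126 + "01\n0203 010001"
SAMPLE_512 = "3048 0241 00" + "80" + "00" * 62 + "01 0203010001"

if __name__ == "__main__":
    for name, sample in (("1024-bit", SAMPLE_1024), ("512-bit", SAMPLE_512)):
        print(name, check_client_key(sample))
```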
VII. Specifying a source IP address/interface for the SSH server
You can perform the following configurations to specify a source IP address or a source
interface for the SSH server, thus enhancing traffic manageability.
Table 1-9 Specify a source IP address/interface for the SSH server
| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | - |
| Specify a source IP address for the SSH server | ssh-server source-ip ip-address | Optional |
| Specify a source interface for the SSH server | ssh-server source-interface interface-type interface-number | Optional |
1.1.3 Configuring the SSH Client
A variety of SSH client software is available, such as PuTTY and OpenSSH. For an
SSH client to establish a connection with an SSH server, you must complete these
configuration tasks:
• Specifying the IP address of the server.
• Selecting the protocol for remote connection as SSH. Usually, a client can use a
variety of remote connection protocols, such as Telnet, Rlogin, and SSH. To
establish an SSH connection, you must select SSH.
• Selecting the SSH version. Since the device supports SSH Server 2.0 now, select
2.0 or lower for the client.
• Specifying the RSA private key file. On the server, if RSA authentication is
enabled for an SSH user and a public key is set for the user, the private key file
corresponding to the public key must be specified on the client. RSA key pairs are
generated by a tool of the client software.
The following takes the client software of PuTTY, PuTTYGen and SSHKEY as
examples to illustrate how to configure the SSH client:
I. Generating the Client Keys
To generate the client key pair, run PuTTYGen.exe, choose SSH-2 RSA under
Parameters and click Generate.
Figure 1-3 Generating the client keys (1)
Note that while generating the key pair, you must move the mouse continuously and
keep the mouse off the green progress bar in the blue box shown in Figure 1-4.
Otherwise, the progress bar stops moving and the key pair generating process is
stopped.
Figure 1-4 Generating the client keys (2)
After the key pair is generated, click Save public key and enter the name of the file for
saving the public key (public in this case) to save the public key.
Figure 1-5 Generating the client keys (3)
Likewise, to save the private key, click Save private key. A warning window pops up to
prompt you whether to save the private key without any precaution. Click Yes and enter
the name of the file for saving the private key (private in this case) to save the private
key.
Figure 1-6 Generating the client keys (4)
To generate RSA public key in PKCS format, run SSHKEY.exe, click Browse and
select the public key file, and then click Convert.
Figure 1-7 Generating the client keys (5)
II. Specifying the IP address of the Server
Launch PuTTY.exe. The following window appears.
Figure 1-8 SSH client configuration interface 1
In the Host Name (or IP address) text box, enter the IP address of the server. Note
that there must be a route available between the IP address of the server and the client.
III. Selecting the Protocol for Remote Connection
As shown in Figure 1-8, select SSH under Protocol.
IV. Selecting the SSH Version
From the category on the left pane of the window, select SSH under Connection. The
window as shown in Figure 1-9 appears.
Figure 1-9 SSH client configuration interface 2
Under Protocol options, select 2 from Preferred SSH protocol version.
Note:
Some SSH client software, for example, Tectia client software, supports the DES
algorithm only when the ssh1 version is selected. The PuTTY client software supports
DES algorithm negotiation in ssh2.
V. Opening an SSH Connection with RSA
If the client needs to use RSA authentication, you must specify the RSA private key file.
If the client needs to use password authentication, this is not required.
From the category on the left of the window, select Connection/SSH/Auth. The
following window appears.
Figure 1-10 SSH client configuration interface 3
Click Browse… to bring up the file selection window, navigate to the private key file and
click OK.
VI. Opening an SSH Connection with Password
1) From the window shown in Figure 1-10, click Open. The following SSH client
interface appears. If the connection is normal, you will be prompted to enter the
username and password, as shown in Figure 1-11.
Figure 1-11 SSH client interface
2) Enter the username and password to establish an SSH connection.
3) To log out, enter the quit command.
1.1.4 Configuring the Device as an SSH Client
When the device connects to the SSH server as an SSH client, you can configure the
SSH client to authenticate the SSH server during the first access.
• The first authentication means that when the SSH client accesses the server for
the first time and is not configured with the server host public key, the user can
choose to continue accessing the server and save the host public key on the client
for future authentication of the server.
• With first authentication not supported, the client cannot authenticate the server if
it is not configured with the server host public key. In this case, you must configure
the host public key of the server and specify the key name on the client
beforehand, so that the client can authenticate the server.
You can configure the client to use a specified IP address or interface to access the
SSH.