1.1 SSH Terminal Service Configuration Commands
Syntax
display rsa local-key-pair public
View
Any view
Parameter
None
Description
Use the display rsa local-key-pair public command to display the public key in the host key pair on the server. If no key pair has been generated, the system prompts “% RSA keys not found”.
Related command: rsa local-key-pair create.
Example
# Display the public key in the host key pair on the server.
<H3C> display rsa local-key-pair public
=====================================================
Time of Key pair created: 20:08:35 2000/04/02
Key name: H3C_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
DE99B540 87B666B9 69C948CD BBCC2B60 997F9C18 9AA6651C 6066EF76 242DEAD1
DEFEA162 61677BD4 1A7BFAE7 668EDAA9 FB048C37 A0F1354D 5798C202 2253F4F5
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQDembVAh7ZmuWnJSM27zCtgmX+cGJqmZRxg
Zu92JC3q0d7+oWJhZ3vUGnv652aO2qn7BIw3oPE1TVeYwgIiU/T1
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDembVAh7ZmuWnJSM27zCtgmX+cGJqmZRxgZu92JC3q0d7+oWJhZ3vUGnv652aO2qn7BIw3oPE1TVeYwgIiU/T1 rsa-key
=====================================================
Time of Key pair created: 20:08:46 2000/04/02
Key name: H3C_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
D6D70AE4 D2A900BE AC21B4E7 617CBEFA 2BAED61F B637070C 093F43AF 9DB9D644
BCD921EF D056EF36 26825C2A 1FC0EFC3 E27B5110 3F20F790 6C83274B D0FC303F
51072D6C B5D0054D 3673EBA0 A4748984 5EBF6EBE CF6A13B1 C7858241 A2A9AA79
0203
010001
After the rsa local-key-pair create command is executed, you can execute the display rsa local-key-pair public command, which will display:
• Two public keys (H3C_Host and H3C_Server) if the switch works in SSH1.x-compatible mode.
• Only one public key (H3C_Host) if the switch works in SSH2.0 mode.
Syntax
display rsa peer-public-key [ brief | name keyname ]
View
Any view
Parameter
brief: Displays brief information about all client public keys.
keyname: Name of a client public key, a string of 1 to 64 characters.
Description
Use the display rsa peer-public-key command to display the public key in the RSA key pair of a specific client. If no key name is specified, the command displays all client public keys.
Caution:
Sometimes the public key modulus displayed with the display rsa peer-public-key command is one bit smaller than the actual modulus. This is because the generated key pair is one bit smaller than specified. For example, when you specify a 1024-bit key pair, the generated key pair may have 1024 or 1023 bits.
Example
# Display all client public keys in brief.
<H3C> display rsa peer-public-key brief
Address    Bits    Name
---------------------------
           1023    abcd
           1024    hq
# Display the client public key named "abcd".
<H3C> display rsa peer-public-key name abcd
=====================================
Key name: abcd
Key address:
=====================================
Key Code:
308186
028180
739A291A BDA704F5 D93DC8FD F84C4274 631991C1 64B0DF17 8C55FA83 3591C7D4
7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30 B809808E B0D1F52D 045DE408
61B74A0E 135523CC D74CAC61 F8E58C45 2B2F3F2D A0DCC48E 3306367F E187BDD9
44018B3B 69F3CBB0 A573202C 16BB2FC1 ACF3EC8F 828D55A3 6F1CDDC4 BB45504F
0201
25
Syntax
display ssh server { status | session }
View
Any view
Parameter
status: Displays SSH status information.
session: Displays SSH session information.
Description
Use the display ssh server command to display status or session information about the SSH Server.
Related command: ssh server authentication-retries, ssh server timeout.
Example
# Display status information about the SSH Server.
<H3C> display ssh server status
SSH version : 1.99
SSH authentication timeout : 60 seconds
SSH server key generating interval : 0 hours
SSH authentication retries : 3 times
SFTP Server: Enable
SFTP idle timeout : 10 minutes
Caution:
• If you use the ssh server compatible-ssh1x enable command to configure the server to be compatible with SSH1.x clients, the SSH version will be displayed as 1.99.
• If you use the undo ssh server compatible-ssh1x command to configure the server to be not compatible with SSH1.x clients, the SSH version will be displayed as 2.0.
# Display session information about the SSH Server.
<H3C> display ssh server session
Conn   Ver  Encry  State    Retry  SerType  Username
VTY 0  2.0  AES    started  0      stelnet  kk
VTY 1  2.0  AES    started  0      sFTP     abc
Table 1-1 Description on the fields of the display ssh server session command
| Field    | Description                                 |
|----------|---------------------------------------------|
| Conn     | Number of VTY interface used for user login |
| Ver      | SSH version                                 |
| Encry    | Encryption algorithm used by SSH            |
| State    | Session status                              |
| Retry    | Number of connection retries                |
| SerType  | Service type                                |
| Username | User name                                   |
Syntax
display ssh server-info
View
Any view
Parameter
None
Description
Use the display ssh server-info command to display the association between the server public keys configured on the client and the servers.
Example
# Display the association between the server public keys and the servers.
<H3C> display ssh server-info
Server Name(IP)          Server public key name
______________________________________________________
192.168.0.1              abc_key01
192.168.0.2              abc_key02
Syntax
display ssh user-information [ username ]
View
Any view
Parameter
username: SSH user name, a string of 1 to 80 characters.
Description
Use the display ssh user-information command to display information about the current SSH users, including user name, authentication type, corresponding public key name and authorized service type. If the username argument is specified, the command displays information about the specified user.
Example
# Display information about the current SSH users.
<H3C> display ssh user-information
Username  Authentication-type  User-public-key-name  Service-type
kk        rsa                  test                  sftp
Syntax
display ssh2 source-ip
View
Any view
Parameter
None
Description
Use the display ssh2 source-ip command to display the current source IP address or the IP address of the source interface specified for the SSH2 client. If neither source IP address nor source interface is specified, the command displays 0.0.0.0.
Example
# Display the current source IP address specified for the SSH2 Client.
<H3C> display ssh2 source-ip
The source IP you specified is 192.168.0.1
Syntax
display ssh-server source-ip
View
Any view
Parameter
None
Description
Use the display ssh-server source-ip command to display the current source IP address or the IP address of the source interface specified for the SSH server. If neither source IP address nor source interface is specified, the command displays 0.0.0.0.
Example
# Display the current source IP address specified for the SSH Server.
<H3C> display ssh-server source-ip
The source IP you specified is 192.168.1.1
Syntax
peer-public-key end
View
Public key view
Parameter
None
Description
Use the peer-public-key end command to return from public key view to system view.
Related command: rsa peer-public-key, public-key-code begin.
Example
# Exit public key view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] peer-public-key end
[H3C]
Syntax
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameter
all: Supports both Telnet and SSH.
ssh: Supports only SSH.
telnet: Supports only Telnet.
Description
Use the protocol inbound command to configure specific user interface(s) to support specified protocol(s). The configuration will take effect at next user login.
By default, both SSH and Telnet are supported.
Caution:
• If you have configured a user interface to support SSH protocol, to ensure a successful login to the user interface, you must configure AAA authentication for the user interface by using the authentication-mode scheme command.
• For a user interface, if you have executed the authentication-mode password or authentication-mode none command, the protocol inbound ssh command cannot be executed; if you have executed the protocol inbound ssh command, neither of the authentication-mode password and authentication-mode none commands can be executed.
Related command: user-interface vty.
Example
# Configure vty0 through vty4 to support SSH only.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
[H3C-ui-vty0-4] protocol inbound ssh
Syntax
public-key-code begin
View
Public key view
Parameter
None
Description
Use the public-key-code begin command to enter public key edit view and input a client public key.
When you input the key data, spaces are allowed between the characters (the system removes them automatically), and you can press <Enter> to continue your input on the next line. The key you input must be a hexadecimal digit string generated randomly by SSH2.0-capable client software.
Related command: rsa peer-public-key, public-key-code end.
Example
# Enter public key edit view and input a client public key.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
Syntax
public-key-code end
View
Public key edit view
Parameter
None
Description
Use the public-key-code end command to return from public key edit view to public key view and save the public key you input.
After you use this command to end editing a public key, the system will check the validity of the public key before saving the key.
• If there is any illegal character in the key, your configuration fails. In this case, a prompt is displayed and the key is discarded.
• If the key is valid, it is saved in the local public key list.
Related command: rsa peer-public-key, public-key-code begin.
Example
# Exit public key edit view and save the public key.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key kk
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
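The hex key code printed by display rsa local-key-pair public and display rsa peer-public-key, and typed in at public-key-code begin, is an ASN.1 SEQUENCE holding the RSA modulus and public exponent. The Python below is an added example, not part of the H3C manual: it converts between that key code and an OpenSSH ssh-rsa line, rejects illegal characters, and reports the true modulus length (the 1023-versus-1024 case from the Caution above) with an OpenSSH-style SHA-256 fingerprint. The function names are illustrative, and the unsigned-integer handling is an assumption inferred from the two sample keys on this page.

```python
import base64
import hashlib
import re
import struct

# Key codes copied from this page's sample output (spacing as displayed).
HOST_KEY_CODE = """3047 0240
DE99B540 87B666B9 69C948CD BBCC2B60 997F9C18 9AA6651C 6066EF76 242DEAD1
DEFEA162 61677BD4 1A7BFAE7 668EDAA9 FB048C37 A0F1354D 5798C202 2253F4F5
0203 010001"""
PEER_KEY_CODE = """308186 028180
739A291A BDA704F5 D93DC8FD F84C4274 631991C1 64B0DF17 8C55FA83 3591C7D4
7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30 B809808E B0D1F52D 045DE408
61B74A0E 135523CC D74CAC61 F8E58C45 2B2F3F2D A0DCC48E 3306367F E187BDD9
44018B3B 69F3CBB0 A573202C 16BB2FC1 ACF3EC8F 828D55A3 6F1CDDC4 BB45504F
0201 25"""


def _tlv(buf, pos, tag):
    """Read one DER TLV with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("expected DER tag 0x%02X at offset %d" % (tag, pos))
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = length octets
        count = length & 0x7F
        if not 1 <= count <= 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("DER value runs past the end of the key code")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Hex key code (spaces and line breaks allowed) -> (modulus, exponent)."""
    compact = re.sub(r"\s+", "", text)
    if len(compact) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", compact):
        raise ValueError("key code must be an even number of hex digits")
    der = bytes.fromhex(compact)
    seq, end = _tlv(der, 0, 0x30)           # SEQUENCE { INTEGER n, INTEGER e }
    n_raw, pos = _tlv(seq, 0, 0x02)
    e_raw, pos = _tlv(seq, pos, 0x02)
    if end != len(der) or pos != len(seq):
        raise ValueError("unexpected trailing bytes in key code")
    # Assumption from the page's samples: integers are stored unsigned (no leading 00).
    n, e = int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")
    if n < 3 or e < 3 or n % 2 == 0 or e % 2 == 0:
        raise ValueError("implausible RSA modulus or exponent")
    return n, e


def _der_len(length):
    if length < 0x80:
        return bytes([length])
    raw = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def _der_int(value):
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return b"\x02" + _der_len(len(raw)) + raw


def to_key_code(n, e):
    """(modulus, exponent) -> hex key code in the layout the page's samples use."""
    body = _der_int(n) + _der_int(e)
    return (b"\x30" + _der_len(len(body)) + body).hex().upper()


def _mpint(value):
    """SSH mpint: 4-byte length, then magnitude with a leading 00 if the top bit is set."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def to_openssh(n, e, comment="rsa-key"):
    """(modulus, exponent) -> one-line OpenSSH public key."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(e) + _mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)


def from_openssh(line):
    """OpenSSH "ssh-rsa <base64> [comment]" line -> (modulus, exponent)."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob, parts, pos = base64.b64decode(fields[1], validate=True), [], 0
    while pos + 4 <= len(blob):
        (length,) = struct.unpack_from(">I", blob, pos)
        parts.append(blob[pos + 4:pos + 4 + length])
        pos += 4 + length
    if pos != len(blob) or len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa key blob")
    return int.from_bytes(parts[2], "big"), int.from_bytes(parts[1], "big")


def describe(text):
    """Summarise a key code: true modulus length, exponent, OpenSSH line, fingerprint."""
    n, e = parse_key_code(text)
    line = to_openssh(n, e)
    digest = hashlib.sha256(base64.b64decode(line.split()[1])).digest()
    return {"bits": n.bit_length(), "exponent": e, "openssh": line,
            "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("=")}


if __name__ == "__main__":
    for name, code in (("H3C_Host", HOST_KEY_CODE), ("abcd", PEER_KEY_CODE)):
        info = describe(code)
        print(name, info["bits"], "bits, e =", info["exponent"], info["fingerprint"])
```

Comparing the fingerprint computed from the switch's displayed key code with the one an SSH client shows on first connection confirms the host key out of band; to_key_code(*from_openssh(line)) gives the hex for a client key that is to be entered at public-key-code begin.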
1.1.12 rsa local-key-pair create
Syntax
rsa local-key-pair create
View
System view
Parameter
None
Description
Use the rsa local-key-pair create command to generate an RSA host key pair and an RSA server key pair, which are respectively named in the format of switch name plus "_Host", and switch name plus "_Server", for example, H3C_Host and H3C_Server.
After you issue the command, the system prompts you to input a key length.
• In SSH1.x, the key length is in the range of 512 to 2,048 (bits).
• In SSH2.0, the key length is in the range of 1024 to 2048 (bits). To keep compatible with SSH1.x, SSH2.0 allows client keys to be 512 to 2,048 bits in length. But the server's key length must not be shorter than 1,024 bits. Otherwise, clients cannot be authenticated.
• If you re-execute the rsa local-key-pair create command, the system will ask whether you want to replace the original key pair with a new one.
After the rsa local-key-pair create command is executed, you can execute the display rsa local-key-pair public command, which will display:
• Two public keys (H3C_Host and H3C_Server) if the switch works in SSH1.x-compatible mode.
• Only one public key (H3C_Host) if the switch works in SSH2.0 mode.
For a successful SSH login, you must first generate a local RSA key pair. You just need to execute the rsa local-key-pair create command once, and need not execute the command again after the system is rebooted.
Related command: rsa local-key-pair destroy, display rsa local-key-pair public.
Example
# Generate a local RSA key pair.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa local-key-pair create
The local-key-pair will be created.
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
........................++++++
.......++++++
.................................++++++++
...++++++++
........Done!
Syntax
rsa local-key-pair destroy
View
System view
Parameter
None
Description
Use the rsa local-key-pair destroy command to destroy the server's RSA key pairs.
Related command: rsa local-key-pair create.
Example
# Destroy the server's RSA key pairs.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa local-key-pair destroy
% The local-key-pair will be destroyed.
% Confirm to destroy these keys? [Y/N]:y
.............Done!
Syntax
rsa peer-public-key keyname
undo rsa peer-public-key keyname
View
System view
Parameter
keyname: Name of a client public key, a string of 1 to 64 characters.
Description
Use the rsa peer-public-key command to enter public key view.
Use the undo rsa peer-public-key command to delete the configuration of the peer public key.
After using this command, you can use the public-key-code begin command to manually configure a client public key on the server. Before you can do this, you should first obtain the hexadecimal-format public key that is randomly generated on a client.
Related command: public-key-code begin, public-key-code end.
Example
# Enter H3C002 public key view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C002
[H3C-rsa-public-key]
Syntax
rsa peer-public-key keyname import sshkey filename
undo rsa peer-public-key keyname
View
System view
Parameter
keyname: Name of the client public key to be configured, a string of 1 to 64 characters.
filename: Name of a client public key file (which was uploaded beforehand from a client to the Flash memory of the server), a string of 1 to 142 characters.
Description
Use the rsa peer-public-key import sshkey command to transform a client public key file to the PKCS format and use the file to automatically configure a client public key.
Use the undo rsa peer-public-key command to remove the setting.
This configuration releases you from manually inputting a client public key. You need only to upload the public key file of the RSA key pair on a client to the server through FTP/TFTP, and then use this command to transform the key file format and use the file to configure a client public key on the server.
Example
# Transform the format of client public key file abc and configure a public key named 123.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key 123 import sshkey abc
Syntax
ssh authentication-type default { password | rsa | password-publickey | all }
undo ssh authentication-type default
View
System view
Parameter
password: Sets the authentication type of SSH users to password authentication.
rsa: Sets the authentication type of SSH users to RSA public key authentication.
password-publickey: Sets the authentication type of SSH users to both password authentication and public key authentication, that is, both the password authentication and public key authentication must be passed.
all: Sets the authentication type of SSH users to either password authentication or public key authentication, that is, one of the two types of authentication must be passed.
Description
Use the ssh authentication-type default command to specify a default authentication type for SSH users.
With this command configured, after you add a new SSH user by using the ssh user command, the default authentication type is adopted for the user unless you use the ssh user authentication-type command to separately specify an authentication type for the user.
Use the undo ssh authentication-type default command to remove the default authentication type.
After the undo command is executed, no default authentication type exists. When you add a new SSH user, you must specify an authentication type for it simultaneously.
There is no default authentication type unless you use the ssh authentication-type default command to specify it.
Related command: ssh user authentication-type.
• If the default authentication type for SSH users is password and local AAA authentication is adopted, you need not use the ssh user command to create an SSH user. Instead, you should use the local-user command to create a user name and its password and then set the service type of the user to SSH.
• If the default authentication type for SSH users is password and remote authentication (RADIUS authentication, for example) is adopted, you need not use the ssh user command to create an SSH user, because it is created on the remote server. And the user can use its username and password configured on the remote server to access the network.
Example
# Specify the default authentication type of SSH users to password authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh authentication-type default password
Syntax
ssh client { server-ip | server-name } assign rsa-key keyname
undo ssh client { server-ip | server-name } assign rsa-key
View
System view
Parameter
server-ip: Server IP address.
server-name: Server name, a string of 1 to 80 characters.
keyname: Server public key name, a string of 1 to 64 characters.
Description
Use the ssh client assign rsa-key command to assign a public key to an SSH server on the client, so that the client can regard the server as a reliable server when it connects to the server.
Use the undo ssh client assign rsa-key command to cancel the assignment.
By default, the host public key of the server is not configured, and when logging into the server, the client uses the IP address or host name used for login as the public key name.
Example
# Configure the public key named "abc" for server 192.168.0.1 on the client.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh client 192.168.0.1 assign rsa-key abc
Syntax
ssh client first-time enable
undo ssh client first-time
View
System view
Parameter
None
Description
Use the ssh client first-time enable command to enable the client to run initial authentication for the SSH server it accesses for the first time.
Use the undo ssh client first-time command to disable the client from running initial authentication.
If an SSH client is enabled to run initial authentication, when the SSH client accesses an SSH server for the first time and it does not have the public key of the server, the client allows you to choose to continue the access and save the public key of the server to the local device; when the client accesses the server the next time, it will authenticate the server against the public key saved locally.
When an SSH client is disabled from running initial authentication, the SSH client cannot access an SSH server if it does not have the public key of the server. In this case, you first need to save the public key of the target server to the client in another way.
By default, the client is enabled to run initial authentication.
Example
# Enable the client to run initial authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh client first-time enable
Syntax
ssh server authentication-retries times
undo ssh server authentication-retries
View
System view
Parameter
times: Authentication retry times, in the range of 1 to 5.
Description
Use the ssh server authentication-retries command to set the authentication retry times for SSH connections.
Use the undo ssh server authentication-retries command to restore the default authentication retry times.
By default, the number of authentication retry times is 3.
The configuration here will take effect at next user login.
Related command: display ssh server.
If you have used the ssh user authentication-type command to configure the authentication type of a user to password-publickey, you must set the authentication retry times to a number greater than or equal to 2 (so that the user can access the switch).
Example
# Set the authentication retry times to four.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server authentication-retries 4
Syntax
ssh server compatible-ssh1x enable
undo ssh server compatible-ssh1x
View
System view
Parameter
None
Description
Use the ssh server compatible-ssh1x enable command to make the server compatible with SSH1.x clients.
Use the undo ssh server compatible-ssh1x command to make the server incompatible with SSH1.x clients.
By default, the server is compatible with SSH1.x clients.
Example
# Make the server compatible with SSH1.x clients.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server compatible-ssh1x enable
Syntax
ssh server rekey-interval hours
undo ssh server rekey-interval
View
System view
Parameter
hours: Interval to update the server keys, ranging from 1 to 24 (in hours).
Description
Use the ssh server rekey-interval command to set the interval to update the server keys regularly.
Use the undo ssh server rekey-interval command to cancel the current configuration.
By default, the update interval is zero, which indicates the system does not update the server keys.
Caution:
This command only takes effect on users whose client version is SSH1.x.
Example
# Configure to update the server's keys every 3 hours.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server rekey-interval 3
Syntax
ssh server timeout seconds
undo ssh server timeout
View
System view
Parameter
seconds: Authentication timeout time, ranging from 1 to 120 (in seconds).
Description
Use the ssh server timeout command to set the authentication timeout time for SSH connections.
Use the undo ssh server timeout command to restore the default timeout time (that is, 60 seconds).
The configuration here will take effect at next login.
Related command: display ssh server.
Example
# Set the authentication timeout time to 80 seconds.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server timeout 80
Syntax
ssh user username
undo ssh user username
View
System view
Parameter
username: Valid SSH user name, a string of 1 to 80 characters.
Description
Use the ssh user command to create an SSH user.
Use the undo ssh user command to delete a specified SSH user.
For an SSH user created by using this command, if you do not specify an authentication type by using the ssh user authentication-type command for this user, this SSH user adopts the default authentication type. On the other hand, if the default authentication type is not specified, you need to specify an authentication type for this SSH user.
An SSH user is created on an SSH server for the purpose of specifying the authentication type, the SSH service type, and the public key for the SSH user. An existing SSH user will be removed automatically if it has none of the authentication type, the SSH service type, and the public key configured.
Example
# Specify the default authentication type as password authentication. Create an SSH user with the name “abc”.
<H3C> system-view
Enter system view, return to user view with Ctrl+Z.
[H3C] ssh authentication-type default password
[H3C] ssh user abc
Syntax
ssh user username assign rsa-key keyname
undo ssh user username assign rsa-key
View
System view
Parameter
username: Valid SSH user name, a string of 1 to 80 characters.
keyname: Client public key name, a string of 1 to 64 characters.
Description
Use the ssh user assign rsa-key command to assign a client public key to an SSH user. This configuration takes effect at the next login.
Use the undo ssh user assign rsa-key command to remove this assignment, so that no public key is associated with the user.
If the user has already been assigned with a public key, the newly assigned public key will overwrite the old one.
Related command: display ssh user-information.
Example
# Assign the client public key named "key1" to user kk.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user kk assign rsa-key key1
Syntax
ssh user username authentication-type { password | rsa | password-publickey | all }
undo ssh user username authentication-type
View
System view
Parameter
username: Valid SSH user name, a string of 1 to 80 characters.
password: Sets the authentication type to password authentication.
rsa: Sets the authentication type to RSA public key authentication.
password-publickey: Sets the authentication type to both password and RSA public key authentication. That is, the user can access the switch only when both the password authentication and the RSA public key authentication are passed.
For the password-publickey authentication type:
• SSH1.x client users can access the switch as long as they pass one of the two authentications.
• SSH2.0 client users can access the switch only when they pass both the authentications.
all: Sets the authentication type to either password or RSA public key authentication. That is, the user can access the switch as long as one of the two authentications (password and RSA public key) is passed.
Description
Use the ssh user authentication-type command to set the available authentication type for an SSH user.
Use the undo ssh user authentication-type command to restore the default setting.
• This command only determines what kind of authentication is allowed for a user to log into the switch. It is the user who will determine (on the client) the actual authentication type.
• For password authentication, username should be consistent with a valid user name defined in AAA; for rsa authentication, username is the name of an SSH local user, and there is no need to configure a local user in AAA.
By default, no authentication type is set for new users, so they cannot access the switch.
For new users, you must specify the authentication type for them through the ssh user authentication-type command on the server. Otherwise, they cannot access the switch. A new authentication type configuration will take effect at the next login.
Related command: display ssh user-information.
Example
# Set the authentication type for user kk to password authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user kk authentication-type password
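Several settings described on this page interact: SSH1.x compatibility (version 1.99) lets SSH1.x clients satisfy password-publickey with only one of the two authentications, ssh server rekey-interval affects only SSH1.x clients, and password-publickey users need at least 2 authentication retries. The Python below is an added example, not part of the H3C manual, that cross-checks the output of display ssh server status and display ssh user-information for those combinations. The finding names and the sample output are constructed for illustration, and the parsing assumes the output layout shown in this page's examples.

```python
import re

AUTH_TYPES = {"password", "rsa", "password-publickey", "all"}

# Constructed sample output, laid out like the examples on this page.
STATUS_COMPAT = """SSH version : 1.99
SSH authentication timeout : 60 seconds
SSH server key generating interval : 0 hours
SSH authentication retries : 3 times
SFTP Server: Enable
SFTP idle timeout : 10 minutes"""
USERS = """Username  Authentication-type  User-public-key-name  Service-type
kk        rsa                  test                  sftp
ops       password-publickey   key1                  stelnet
abc       all                  key2                  sftp"""


def parse_status(text):
    """`display ssh server status` output -> {lower-cased field name: value}."""
    status = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            status[key.strip().lower()] = value.strip()
    return status


def parse_users(text):
    """`display ssh user-information` rows -> {username: authentication type}."""
    users = {}
    for line in text.splitlines():
        fields = line.split()
        # The header row is skipped because its second column is not a type name.
        if len(fields) >= 2 and fields[1] in AUTH_TYPES:
            users[fields[0]] = fields[1]
    return users


def _leading_int(value, default):
    match = re.match(r"\d+", value or "")
    return int(match.group()) if match else default


def audit(status_text, users_text):
    """Return a list of (finding_id, detail) for risky setting combinations."""
    status, users = parse_status(status_text), parse_users(users_text)
    ssh1_compat = status.get("ssh version") == "1.99"
    # Defaults are the ones this page documents: 3 retries, rekey interval 0.
    retries = _leading_int(status.get("ssh authentication retries"), 3)
    rekey = _leading_int(status.get("ssh server key generating interval"), 0)
    both = sorted(u for u, kind in users.items() if kind == "password-publickey")
    findings = []
    if ssh1_compat:
        findings.append(("SSH1-COMPAT",
                         "version 1.99: SSH1.x clients are accepted; "
                         "undo ssh server compatible-ssh1x reports 2.0"))
        if both:
            findings.append(("PWPK-EITHER-ON-SSH1",
                             "password-publickey users %s pass with one of the two "
                             "authentications from an SSH1.x client" % ", ".join(both)))
        if rekey == 0:
            findings.append(("SSH1-NO-REKEY",
                             "server keys are never updated for SSH1.x clients"))
    if both and retries < 2:
        findings.append(("PWPK-RETRIES",
                         "retries=%d: password-publickey users %s cannot log in"
                         % (retries, ", ".join(both))))
    for user, kind in sorted(users.items()):
        if kind in ("password", "all"):
            findings.append(("PASSWORD-SUFFICES",
                             "user %s (%s) can log in with a password alone"
                             % (user, kind)))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit(STATUS_COMPAT, USERS):
        print("%-20s %s" % (finding_id, detail))
```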
Syntax
ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } | prefer_ctos_cipher { des | aes128 } | prefer_stoc_cipher { des | aes128 } | prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } | prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] *
View
System view
Parameter
host-ip: Server IP address.
host-name: Server name, a string of 1 to 20 characters.
port-num: Server port number. It is in the range of 0 to 65,535 and defaults to 22.
prefer_kex: Specifies the preferred key exchange algorithm. You can select one from the following two algorithms.
dh_group1: Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default algorithm.
dh_exchange_group: Diffie-Hellman-group-exchange-sha1 key exchange algorithm.
prefer_ctos_cipher: Specifies the preferred client-to-server encryption algorithm, which is AES128 by default.
prefer_stoc_cipher: Specifies the preferred server-to-client encryption algorithm, which is AES128 by default.
des: DES_cbc encryption algorithm.
aes128: AES_128 encryption algorithm.
prefer_ctos_hmac: Specifies the preferred client-to-server HMAC (Hash-based message authentication code) algorithm, which is SHA1_96 by default.
prefer_stoc_hmac: Specifies the preferred server-to-client HMAC algorithm, which is SHA1_96 by default.
sha1: HMAC-SHA1 algorithm.
sha1_96: HMAC-SHA1-96 algorithm.
md5: HMAC-MD5 algorithm.
md5_96: HMAC-MD5-96 algorithm.
• DES (data encryption standard) is a standard data encryption algorithm.
• AES (advanced encryption standard) is an advanced encryption standard algorithm.
Description
Use the ssh2 command to start the SSH client to establish a connection with an SSH server, and at the same time specify the preferred key exchange algorithm, encryption algorithms and HMAC algorithms between the server and client.
Example
# Log into SSH2.0 server 10.214.50.51 with:
• dh_exchange_group as the preferred key exchange algorithm,
• aes128 as the preferred server-to-client encryption algorithm,
• md5 as the preferred client-to-server HMAC algorithm, and
• sha1_96 as the preferred server-to-client HMAC algorithm.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96
Syntax
ssh2 source-interface interface-type interface-number
undo ssh2 source-interface
View
System view
Parameter
interface-type: Source interface type, which can be LoopBack or Vlan-interface.
interface-number: Source interface number.
Description
Use the ssh2 source-interface command to specify a source interface for the SSH2 client. If the specified interface does not exist, the command fails.
Use the undo ssh2 source-interface command to cancel the source interface setting. Then, a local device address determined by the system is used to access an SSH2 server.
Example
# Specify source interface Vlan-interface 1 for the SSH2 client.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh2 source-interface Vlan-interface 1
Syntax
ssh2 source-ip ip-address
undo ssh2 source-ip
View
System view
Parameter
ip-address: Source IP address.
Description
Use the ssh2 source-ip command to specify a source IP address for the SSH2 client. If the specified IP address is not an address of the device, the command fails.
Use the undo ssh2 source-ip command to cancel the source IP address setting. Then, a local device address determined by the system is used to access an SSH server.
Example
# Specify source IP address 192.168.1.1 for the SSH2 client.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh2 source-ip 192.168.1.1
Syntax
ssh-server source-interface interface-type interface-number
undo ssh-server source-interface
View
System view
Parameter
interface-type: Source interface type, which can be LoopBack or Vlan-interface.
interface-number: Source interface number.
Description
Use the ssh-server source-interface command to specify a source interface for the SSH server. If the specified interface does not exist, the command fails.
Use the undo ssh-server source-interface command to cancel the source interface setting. Then, a local device address determined by the system can be used by SSH users to access the server.
Example
# Specify Vlan-interface 1 as the source interface of the SSH server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh-server source-interface Vlan-interface 1
Syntax
ssh-server source-ip ip-address
undo ssh-server source-ip
View
System view
Parameter
ip-address: IP address to be set as the source IP address.
Description
Use the ssh-server source-ip command to specify a source IP address for the SSH server. If the specified IP address is not an IP address of the device, the command fails.
Use the undo ssh-server source-ip command to cancel the source IP address setting. Then, a local device address determined by the system can be used by users to access the switch.
Example
# Specify source IP address 192.168.0.1 for the SSH server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh-server source-ip 192.168.0.1