- H3C S3610[S5510] Series Ethernet Switches Command Manual-Release 0001-(V1.02)
Table of Contents
Chapter 1 SSH Configuration Commands
1.1 SSH Configuration Commands
1.1.1 display rsa local-key-pair public
1.1.2 display rsa peer-public-key
1.1.4 display ssh user-information
1.1.9 rsa local-key-pair create
1.1.10 rsa local-key-pair destroy
1.1.11 rsa local-key-pair export
1.1.13 rsa peer-public-key import sshkey
1.1.14 ssh server authentication-retries
1.1.15 ssh server authentication-timeout
1.1.17 ssh server rekey-interval
1.1.18 ssh user assign rsa-key
1.1.19 ssh user authentication-type
Chapter 1 SSH Configuration Commands
1.1 SSH Configuration Commands
1.1.1 display rsa local-key-pair public
Syntax
display rsa local-key-pair public
View
Any view
Parameter
None
Description
Use the display rsa local-key-pair public command to display the public keys of the host key pair and server key pair on the server.
Related command: rsa local-key-pair create.
Example
# Display the public keys of the host key pair and server key pair on the server.
<Sysname> display rsa local-key-pair public
=====================================================
Time of Key pair created: 23:09:56 2000/04/26
Key name: Sysname_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
DEE56D7C 56A9CFAA 689DC9CB 3FB4593E 5436C2FB
58FC1E12 A2B74667 0167AA0F DD7CCF0D FEE4701F
D5B83E9C B7535AFE 78BB845C DEC3B830 1E906AF6
D218FCF1
0203
010001
=====================================================
Time of Key pair created: 23:10:03 2000/04/26
Key name: Sysname_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
A4CDD0CA 63BDF396 AFCCCB40 051EB574 CA69FEB1
5CE4D2FB E8A917D5 CDCD0E65 8C2FC7C4 C35C7554
76634842 4EC4B098 D0AC69DA F7DB156C D4C9582C
398EC40E 4BD76782 7B4DE24D 42DDBC03 2777132E
B7427E9C 55873A46 62568CC1 AD2C88C3
0203
010001
Table 1-1 Description on fields of the display rsa local-key-pair public command
Field | Description |
---|---|
Time of Key pair created | Time when the key pair is created |
Key name | Name of a key |
Key type | Type of a key |
RSA encryption Key | RSA encryption key |
Key code | Code of a key |
1.1.2 display rsa peer-public-key
Syntax
display rsa peer-public-key [ brief | name keyname ]
View
Any view
Parameter
brief: Displays the brief information about all peer public keys.
name keyname: Specifies the key name (a string of up to 64 characters) to be displayed.
Description
Use the display rsa peer-public-key command to display the peer RSA public keys. If no keyname is specified, all peer public keys are displayed.
Related command: rsa local-key-pair create.
Example
# Display all peer public keys.
<Sysname> display rsa peer-public-key
=====================================
Key name: aa
Key address:
=====================================
Key Code:
3047
0240
CB4EC412 6143D84B 61806713 C04B693D 781CA35F C3006C24 41F0688B 659471A9
B3A74BF2 4D984B8F 71853043 16426FDE 268D7912 A255607F ADFEBC39 2BC499AD
0203
010001
Table 1-2 Description on fields of the display rsa peer-public-key command
Field | Description |
---|---|
Key name | Name of a key |
Key address | Address of a key |
Key code | Code of a key |
1.1.3 display ssh server
Syntax
display ssh server { status | session }
View
Any view
Parameter
status: Displays the status information of the SSH server.
session: Displays the session information of the SSH server.
Description
Use the display ssh server command to display the status information or session information of the SSH server.
Related command: ssh server authentication-retries, ssh server rekey-interval, ssh server authentication-timeout, and ssh server enable.
Example
# Display the status information of the SSH server.
<Sysname> display ssh server status
SSH server: Enable
SSH version : 1.5
SSH authentication-timeout : 60 second(s)
SSH server key generating interval : 0 hour(s)
SSH authentication retries : 3 time(s)
Table 1-3 Description on fields of the display ssh server status command
Field | Description |
---|---|
SSH server | Status of the SSH server function |
SSH version | SSH protocol version |
SSH authentication-timeout | SSH connection timeout time |
SSH server key generating interval | SSH server key update period |
SSH authentication retries | Number of SSH authentication attempts |
# Display the session information of the SSH server.
<Sysname> display ssh server session
Conn Ver Encry State Retry SerType Username
VTY 2 1.5 3DES started 0 SSH client001
Table 1-4 Description on fields of the display ssh server session command
Field | Description |
---|---|
Conn | Connected VTY channel |
Ver | Protocol version |
Encry | Encryption algorithm |
State | Session state |
Retry | Number of attempts |
SerType | Service type |
Username | Name of a user |
1.1.4 display ssh user-information
Syntax
display ssh user-information [ username ]
View
Any view
Parameter
username: SSH username, a string of up to 80 characters.
Description
Use the display ssh user-information command to display information about an SSH user, including the username, key name, and authentication mode. If no username is specified, information about all users is displayed.
Related command: ssh user assign rsa-key, ssh user authentication-type.
Example
# Display the information of users.
<Sysname> display ssh user-information
Username Authentication-type User-public-key-name
client001 password null
Table 1-5 Description on fields of the display ssh user-information command
Field | Description |
---|---|
Username | Name of a user |
Authentication-type | Authentication type |
User-public-key-name | Name of a user public key |
1.1.5 peer-public-key end
Syntax
peer-public-key end
View
Public key view
Parameter
None
Description
Use the peer-public-key end command to return from public key view to system view.
Related command: rsa peer-public-key.
Example
# Exit public key view.
<Sysname> system-view
[Sysname] rsa peer-public-key Sysname003
[Sysname-rsa-public-key] peer-public-key end
[Sysname]
1.1.6 protocol inbound
Syntax
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameter
all: Supports both protocols, Telnet and SSH.
ssh: Supports SSH only.
telnet: Supports Telnet only.
Description
Use the protocol inbound command to enable the current user interface to support Telnet, SSH, or both.
By default, a user interface supports both protocols: Telnet and SSH.
The configuration of this command takes effect at next login.
If you configure the current user interface to support SSH, be sure to configure the authentication-mode scheme command.
Example
# Enable VTYs 0 to 4 to support SSH only.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode scheme
[Sysname-ui-vty0-4] protocol inbound ssh
1.1.7 public-key-code begin
Syntax
public-key-code begin
View
Public key view
Parameter
None
Description
Use the public-key-code begin command to enter RSA key code view.
Note that:
- With the public-key-code begin command, you can enter public key code view to input key data. Spaces and carriage returns are allowed between characters.
- The public key you input must be a hexadecimal string that is generated randomly by the SSH-supported client software and coded using the PKCS standard.
Related command: rsa peer-public-key, public-key-code end.
Example
# Enter public key code view to input the key.
<Sysname> system-view
[Sysname] rsa peer-public-key Sysname003
[Sysname-rsa-public-key] public-key-code begin
[Sysname-rsa-key-code]30818602 818078C4 32AD7864 BB0137AA 516284BB 3F55F0E3
[Sysname-rsa-key-code]F6DD9FC2 4A570215 68D2B3F7 5188A1C3 2B2D40BE D47A08FA
[Sysname-rsa-key-code]CF41AF4E 8CCC2ED0 C5F9D1C5 22FC0625 BA54BCB3 D1CBB500
[Sysname-rsa-key-code]A177E917 642BE3B5 C683B0EB 1EC041F0 08EF60B7 8B6ED628
[Sysname-rsa-key-code]9830ED46 0BA21FDB F55E7C81 5D1A2045 54BFC853 5358E5CF
[Sysname-rsa-key-code]7D7DDF25 03C44C00 E2F49539 5C4B0201 25
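The key code shown by display rsa local-key-pair public in 1.1.1 and typed in after public-key-code begin is a DER-encoded PKCS #1 RSAPublicKey: a SEQUENCE holding the modulus and the public exponent. The parser below is an added example, not H3C code; it reads a pasted key code and reports the modulus size so short keys can be flagged. The function names and the 2048-bit threshold are assumptions of this example.

```python
import re

# Assumed audit policy (not from the manual): flag RSA moduli under 2048 bits.
MIN_MODULUS_BITS = 2048

def _read_tlv(buf, pos, tag):
    """Read one DER tag-length-value at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the key code")
    return buf[pos:pos + length], pos + length

def parse_key_code(text):
    """Parse a pasted 'Key code' block; return (modulus_bits, public_exponent)."""
    hex_digits = re.sub(r"\s+", "", text)
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", hex_digits):
        raise ValueError("key code must be an even number of hex digits")
    der = bytes.fromhex(hex_digits)
    seq, end = _read_tlv(der, 0, 0x30)      # SEQUENCE { modulus, publicExponent }
    if end != len(der):
        raise ValueError("trailing bytes after the key")
    modulus, pos = _read_tlv(seq, 0, 0x02)  # INTEGER
    exponent, pos = _read_tlv(seq, pos, 0x02)
    if pos != len(seq):
        raise ValueError("unexpected data inside the SEQUENCE")
    # The 1.1.1 sample omits DER's leading 00 sign byte, so read as unsigned.
    return int.from_bytes(modulus, "big").bit_length(), int.from_bytes(exponent, "big")

def audit_key_code(name, text):
    bits, e = parse_key_code(text)
    findings = []
    if bits < MIN_MODULUS_BITS:
        findings.append(f"{name}: {bits}-bit modulus is below {MIN_MODULUS_BITS}")
    if e < 3 or e % 2 == 0:
        findings.append(f"{name}: invalid public exponent {e}")
    return findings

# Sysname_Host key code copied from the display example in 1.1.1.
HOST_KEY = """3047 0240
DEE56D7C 56A9CFAA 689DC9CB 3FB4593E 5436C2FB
58FC1E12 A2B74667 0167AA0F DD7CCF0D FEE4701F
D5B83E9C B7535AFE 78BB845C DEC3B830 1E906AF6
D218FCF1
0203 010001"""
```

Calling parse_key_code(HOST_KEY) returns the modulus size and exponent of the sample host key; the key typed in the 1.1.7 example uses the long-form length bytes (3081 86, 0281 80) that the same parser handles.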
1.1.8 public-key-code end
Syntax
public-key-code end
View
RSA key code view
Parameter
None
Description
Use the public-key-code end command to return from public key code view to public key view and to save the configured public key.
The system verifies the key before saving it. If the key contains illegal characters, the system displays an error message and discards the key.
Related command: rsa peer-public-key, public-key-code begin.
Example
# Exit RSA key code view
<Sysname> system-view
[Sysname] rsa peer-public-key Sysname003
[Sysname-rsa-public-key] public-key-code begin
[Sysname-rsa-key-code] public-key-code end
[Sysname-rsa-public-key]
1.1.9 rsa local-key-pair create
Syntax
rsa local-key-pair create
View
System view
Parameter
None
Description
Use the rsa local-key-pair create command to create the RSA host key pair and server key pair.
- After entering this command, you will be prompted to enter the length of the host key pair. The length of a server/host key must be in the range 512 to 2048 bits. If the key pair already exists, the system will ask you whether you want to overwrite it.
- The configuration of this command can survive a reboot. You only need to configure it once.
Related command: rsa local-key-pair destroy, display rsa local-key-pair public.
Example
# Create the host key pairs and server key pairs.
<Sysname> system-view
[Sysname] rsa local-key-pair create
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
..........++++++++++++
...................++++++++++++
............++++++++
......++++++++
......Done!
1.1.10 rsa local-key-pair destroy
Syntax
rsa local-key-pair destroy
View
System view
Parameter
None
Description
Use the rsa local-key-pair destroy command to destroy the RSA host key pair and server key pair.
After entering this command, you will be asked whether you really want to destroy the RSA host key pair and server key pair.
Related command: rsa local-key-pair create.
Example
# Destroy all server-side keys.
<Sysname> system-view
[Sysname] rsa local-key-pair destroy
The local-key-pair will be destroyed.
Confirm to destroy these keys? [Y/N]:y
............Done!
1.1.11 rsa local-key-pair export
Syntax
rsa local-key-pair export ssh1 [ filename ]
View
System view
Parameter
ssh1: Uses the type of SSH1.
filename: Name of the file for the exported RSA host key, a string of 1 to 136 characters.
Description
Use the rsa local-key-pair export command to display the RSA host public key on the screen or export it to a specified file.
If you do not specify the filename argument, the command displays the RSA host public key; otherwise, the command exports the RSA host public key to the specified file and saves the file.
Related command: rsa local-key-pair create, rsa local-key-pair destroy.
Example
# Export the RSA host public key in OpenSSH format.
<Sysname> system-view
[Sysname] rsa local-key-pair export ssh1
Host public key for SSH1 format code:
1024 65537 158697745756150507492930074869360076636264579348312709727200714505869
68713127373557019527393496280261397626118895319472242873394077353584978849631661
19788555284250671873170660038950123516349666720528809552638212435555581692242986
82134042703790452165722278387885879724875565660937606461723575978309629067782017
rsa-key-20000428
1.1.12 rsa peer-public-key
Syntax
rsa peer-public-key keyname
undo rsa peer-public-key keyname
View
System view
Parameter
keyname: Name of the public key, a string of 1 to 64 characters.
Description
Use the rsa peer-public-key command to enter public key view.
Use the undo rsa peer-public-key command to remove a public key for SSH users.
You can use the public-key-code begin command and the public-key-code end command in public key view to configure the peer public key. In this case, you need to obtain the hexadecimal public key generated by the peer in advance.
Related command: public-key-code begin, public-key-code end.
Example
# Enter public key view for public key abc123.
<Sysname> system-view
[Sysname] rsa peer-public-key abc123
[Sysname-rsa-public-key]
1.1.13 rsa peer-public-key import sshkey
Syntax
rsa peer-public-key keyname import sshkey filename
undo rsa peer-public-key keyname
View
System view
Parameter
filename: Public key file name, a string of 1 to 135 characters.
Description
Use the rsa peer-public-key import sshkey command to import the peer public key from a public key file.
Use the undo rsa peer-public-key command to remove the peer public key configuration.
After you execute the rsa peer-public-key import sshkey command, the system will transform the generated public key file into the format of public key cryptography standards (PKCS) and configure the peer public key. Before executing this command, make sure that the peer has uploaded the public key file of its RSA key to the local device through FTP/TFTP.
Example
# Configure to import the peer public key from the public key file pub2 and set the public key name to “abc456”.
<Sysname> system-view
[Sysname] rsa peer-public-key abc456 import sshkey pub2
1.1.14 ssh server authentication-retries
Syntax
ssh server authentication-retries times
undo ssh server authentication-retries
View
System view
Parameter
times: Maximum number of authentication attempts, in the range 1 to 5. The default is 3.
Description
Use the ssh server authentication-retries command to set the maximum number of SSH connection authentication attempts. The setting takes effect at next login.
Use the undo ssh server authentication-retries command to restore the default.
Related command: display ssh server.
Example
# Set the maximum number of SSH connection authentication attempts to four.
<Sysname> system-view
[Sysname] ssh server authentication-retries 4
1.1.15 ssh server authentication-timeout
Syntax
ssh server authentication-timeout time-out-value
undo ssh server authentication-timeout
View
System view
Parameter
time-out-value: Authentication timeout period in seconds. It ranges from 1 to 120 and defaults to 60.
Description
Use the ssh server authentication-timeout command to set the SSH user authentication timeout period on the SSH server.
Use the undo ssh server authentication-timeout command to restore the default.
Related command: display ssh server.
Example
# Set the SSH user authentication timeout period to 10 seconds.
<Sysname> system-view
[Sysname] ssh server authentication-timeout 10
1.1.16 ssh server enable
Syntax
ssh server enable
undo ssh server enable
View
System view
Parameter
None
Description
Use the ssh server enable command to enable SSH server.
Use the undo ssh server enable command to disable SSH server.
By default, SSH server is disabled.
Example
# Enable SSH server.
<Sysname> system-view
[Sysname] ssh server enable
1.1.17 ssh server rekey-interval
Syntax
ssh server rekey-interval hours
undo ssh server rekey-interval
View
System view
Parameter
hours: Update interval in hours, in the range 1 to 24.
Description
Use the ssh server rekey-interval command to set the interval for updating the server key pair.
Use the undo ssh server rekey-interval command to restore the default.
By default, the update interval is 0, that is, the server key pair is not updated.
Related command: display ssh server.
Example
# Set the server key pair update interval to three hours.
<Sysname> system-view
[Sysname] ssh server rekey-interval 3
1.1.18 ssh user assign rsa-key
Syntax
ssh user username assign rsa-key keyname
undo ssh user username assign rsa-key
undo ssh user username
View
System view
Parameter
username: SSH username, a string of 1 to 80 characters.
keyname: Name of an existing client public key, a string of 1 to 64 characters.
Description
Use the ssh user assign rsa-key command to assign an existing public key to a user. Use the undo ssh user assign rsa-key command to remove the association.
Note that:
- If the user does not exist, the command first creates the user with RSA as the authentication method. Use the undo ssh user username command to delete a user.
- If you configure the ssh user assign rsa-key command for a user that already has a public key, the new public key overwrites the old one.
- The new public key takes effect when the user logs in next time.
Related command: display ssh user-information.
Example
# Assign key1 to user zhangsan.
<Sysname> system-view
[Sysname] ssh user zhangsan assign rsa-key key1
1.1.19 ssh user authentication-type
Syntax
ssh user username authentication-type { password | rsa | all }
undo ssh user username authentication-type
undo ssh user username
View
System view
Parameter
username: SSH username, a string of 1 to 80 characters.
password: Performs password authentication of the client.
rsa: Performs RSA authentication of the client.
all: Performs either password authentication or RSA authentication. The client tries RSA authentication first.
Description
Use the ssh user authentication-type command to specify the authentication method for an SSH user.
Use the undo ssh user authentication-type command to restore the default.
By default, the authentication method for an SSH user is RSA.
Note that:
- When you configure this command on the server, you specify the authentication method that the client can select. The authentication method that a client uses at login depends on the client itself.
- If the specified user does not exist, the command creates the user. Use the undo ssh user username command to delete a user.
- The configuration takes effect when the user logs in next time.
- For a user using RSA authentication, you must configure the username and public keys on the device. For a user using password authentication, you can configure the accounting information on the device or remote authentication server.
Related command: display ssh user-information.
Example
# Specify the authentication method of password for user zhangsan.
<Sysname> system-view
[Sysname] ssh user zhangsan authentication-type password
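The defaults stated in 1.1.6, 1.1.16, 1.1.18 and 1.1.19 mean that a missing command can matter as much as a present one: a VTY without protocol inbound ssh still accepts Telnet, and an SSH user defaults to RSA authentication even before a key is assigned. The checker below is an added example, not H3C code; it replays a list of typed commands against those defaults. The one-command-per-line input format, the function name and the user name lisi are assumptions, and treating password login as a finding is an assumed policy.

```python
import re

def audit_commands(lines):
    """Replay typed commands and report findings (list of strings)."""
    ssh_enabled = False     # manual: SSH server is disabled by default
    vtys, users, cur = {}, {}, None
    for cmd in (l.strip() for l in lines):
        if m := re.fullmatch(r"user-interface vty (\d+)(?: (\d+))?", cmd):
            cur = "vty " + "-".join(g for g in m.groups() if g)
            # manual: a user interface accepts both Telnet and SSH by default
            vtys.setdefault(cur, {"protocol": "all", "scheme": False})
        elif (m := re.fullmatch(r"protocol inbound (all|ssh|telnet)", cmd)) and cur:
            vtys[cur]["protocol"] = m.group(1)
        elif cmd == "authentication-mode scheme" and cur:
            vtys[cur]["scheme"] = True
        elif cmd in ("ssh server enable", "undo ssh server enable"):
            ssh_enabled = not cmd.startswith("undo")
        elif m := re.fullmatch(r"ssh user (\S+) authentication-type (password|rsa|all)", cmd):
            # manual: the default authentication method for an SSH user is RSA
            users.setdefault(m.group(1), {"auth": "rsa", "key": None})["auth"] = m.group(2)
        elif m := re.fullmatch(r"ssh user (\S+) assign rsa-key (\S+)", cmd):
            users.setdefault(m.group(1), {"auth": "rsa", "key": None})["key"] = m.group(2)
    findings = []
    for name, v in vtys.items():
        if v["protocol"] != "ssh":
            findings.append(f"{name}: Telnet accepted (protocol inbound {v['protocol']})")
        if v["protocol"] != "telnet" and not v["scheme"]:
            findings.append(f"{name}: SSH allowed but authentication-mode scheme not set")
    if not ssh_enabled and any(v["protocol"] != "telnet" for v in vtys.values()):
        findings.append("SSH server not enabled (disabled by default)")
    for name, u in users.items():
        if u["auth"] in ("rsa", "all") and u["key"] is None:
            findings.append(f"user {name}: RSA authentication but no public key assigned")
        if u["auth"] in ("password", "all"):
            findings.append(f"user {name}: password login permitted")
    return findings

# Constructed sample built from this chapter's commands, one per line.
SAMPLE = """\
user-interface vty 0 1
protocol inbound ssh
user-interface vty 2 4
authentication-mode scheme
ssh server enable
ssh user zhangsan authentication-type password
ssh user lisi authentication-type rsa
""".splitlines()
```

Running audit_commands(SAMPLE) reports one finding per gap: the first VTY range lacks authentication-mode scheme, the second still accepts Telnet, zhangsan can log in with a password, and lisi has no key assigned.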