H3C S3100 Series Ethernet Switches command Manual-Release 21XX Series(V1.06)

HomeSupportSwitchesH3C S3100 Switch SeriesReference GuidesCommand ReferencesH3C S3100 Series Ethernet Switches command Manual-Release 21XX Series(V1.06)
29-SSH Commands
Title Size Download
29-SSH Commands 208.88 KB

SSH Commands

display public-key local

Syntax

display public-key local { dsa | rsa } public

View

Any view

Parameters

dsa: Displays the public key of the current switch’s DSA key pair.

rsa: Displays the public key part of the current switch’s RSA key pair(s).

Description

Use the display public-key local command to display the public key part of the current switch’s key pairs.

 

 

Because an S3100-SI switch supports only the SSH2 mode, using the display public-key local rsa public command on it can display only one public key (that is, the host public key) after the RSA key pair is generated.

 

Related commands: public-key local create.

Examples

# Display the public key part of the current switch’s RSA key pair(s).

<Sysname> display public-key local rsa public

 

=====================================================

Time of Key pair created: 23:48:18  2000/04/03

Key name: Sysname_Host

Key type: RSA encryption Key

=====================================================

Key code:

30819F300D06092A864886F70D010101050003818D0030818902818100C7C4D2E1C59A7590

8417C660AD1D5EB172AB6EE9AAF994DB7A1C31EB87F750EE12A57832C6070FC008A5EE2B66

75FD6A430575D97350E300A20FEB773D93D7C3565467B0CA6B95C07D3338C523743B49D82C

5EC2C9458D248955846F9C32F4D25CC92D0E831E564BBA6FAE794EEC6FCDEDB822909CC687

BEBF51F3DFC5C30D590203010001

 

=====================================================

Time of Key pair created: 23:48:36  2000/04/03

Key name: Sysname_Server

Key type: RSA encryption Key

=====================================================

Key code:

307C300D06092A864886F70D0101010500036B003068026100BC86D8F08E101461C1231B12

2777DBE777645C81C569C004EC2FEC03C205CC7E3B5DAA38DD865C6D1FB61C91B85ED63C6F

35BAFBF9A6D2D2989C20051FF8FA31A14FCF73EC1485422E5B800B55920FC121329020E82F

2945FFAD81BE72663BF70203010001

# Display the public key of the current switch’s DSA key pair.

<Sysname> display public-key local dsa public

 

=====================================================

Time of Key pair created: 08:01:23  2000/04/02

Key name:

Key type: DSA encryption Key

=====================================================

Key code:

308201B73082012C06072A8648CE3804013082011F02818100D757262C4584C44C211F18BD

96E5F061C4F0A423F7FE6B6B85B34CEF72CE14A0D3A5222FE08CECE65BE6C265854889DC1E

DBD13EC8B274DA9F75BA26CCB987723602787E922BA84421F22C3C89CB9B06FD60FE01941D

DD77FE6B12893DA76EEBC1D128D97F0678D7722B5341C8506F358214B16A2FAC4B36895038

7811C7DA33021500C773218C737EC8EE993B4F2DED30F48EDACE915F0281810082269009E1

4EC474BAF2932E69D3B1F18517AD9594184CCDFCEAE96EC4D5EF93133E84B47093C52B20CD

35D02492B3959EC6499625BC4FA5082E22C5B374E16DD00132CE71B020217091AC717B6123

91C76C1FB2E88317C1BD8171D41ECB83E210C03CC9B32E810561C21621C73D6DAAC028F4B1

585DA7F42519718CC9B09EEF038184000281804B7E6A5D60A6B71C0B585ED495C36F82C170

72C0446CE099F2C733171E8C014B6D4F91C54C9998921CA35C7BD4385E55D39B324F04DBE9

F4CC91DE8ED949C7007C160D129ECB54D6C39E697DAD5BFB56BAF3281584B23CA7DFB46AAB

5B8C56A5903F61B34A157022E68C6C2423D42B880FB20BA86135369F7CF3ACA46A55BEF8 

display public-key peer

Syntax

display public-key peer [ brief | name pubkey-name ]

View

Any view

Parameters

brief: Displays brief information about the locally saved public keys of all SSH peers.

pubkey-name: Name of the public key, a string of 1 to 64 characters.

Description

Use the display public-key peer command to display information about locally saved public keys of SSH peers. If no key name is specified, the command displays detailed information about the locally saved public keys of all SSH peers.

 

 

Sometimes the public key modulo displayed with the display public-key peer command is one bit smaller than the actual modulo. This is because the actually generated key pair is one bit smaller than specified. For example, when you specify a 1024-bit key pair, the actually generated key pair may have 1024 or 1023 bits.

 

You can configure an SSH peer’s public key on the current switch by using the public-key peer command or the public-key peer import sshkey command.

 

Related commands: public-key peer, public-key peer import sshkey.

Examples

# Display brief information about all peer public keys.  

<Sysname> display public-key peer brief

Type  Module  Name

---------------------------

RSA   1023    idrsa

DSA   1024    127.0.0.1

RSA   1024    18

# Display the information about the public key named pubkey-name.

<Sysname> display public-key peer name pubkey-name

=====================================

  Key name  : pubkey-name

  Key type  : RSA

  Key module: 1024

=====================================

Key Code:

30819D300D06092A864886F70D010101050003818B00308187028181009C46A8710216CEC0

C01C7CE136BA76C79AA6040E79F9E305E453998C7ADE8276069410803D5974F708496947AB

39B3F39C5CE56C95B6AB7442D56393BF241F99A639DD02D9E29B1F5C1FD05CC1C44FBD6CFF

B58BE6F035FAA2C596B27D1231D159846B7CB9A7757C5800FADA9FD72F65672F4A549EE99F

63095E11BD37789955020123

display rsa local-key-pair public

Syntax

display rsa local-key-pair public

View

Any view

Parameters

None

Description

Use the display rsa local-key-pair public command to display the public key part of the current switch’s RSA key pair(s). If no key pair has been generated, the system prompts “% RSA keys not found”.

Related commands: rsa local-key-pair create.

Examples

# Display the public key part of the current switch’s RSA key pair(s).

<Sysname> display rsa local-key-pair public

 

=====================================================

Time of Key pair created: 20:08:35  2000/04/02

Key name: Sysname_Host

Key type: RSA encryption Key

=====================================================

Key code:

3047

  0240

    DE99B540 87B666B9 69C948CD BBCC2B60 997F9C18

    9AA6651C 6066EF76 242DEAD1 DEFEA162 61677BD4

    1A7BFAE7 668EDAA9 FB048C37 A0F1354D 5798C202

    2253F4F5

  0203

    010001

 

=====================================================

Time of Key pair created: 20:08:46  2000/04/02

Key name: Sysname_Server

Key type: RSA encryption Key

=====================================================

Key code:

3067

  0260

    D6D70AE4 D2A900BE AC21B4E7 617CBEFA 2BAED61F

    B637070C 093F43AF 9DB9D644 BCD921EF D056EF36

    26825C2A 1FC0EFC3 E27B5110 3F20F790 6C83274B

    D0FC303F 51072D6C B5D0054D 3673EBA0 A4748984

    5EBF6EBE CF6A13B1 C7858241 A2A9AA79

  0203

    010001   

 

After the RSA key pair is generated, the display rsa local-key-pair public command displays two public keys (the host public key and server public key) when the S3100-EI switch is working in SSH1-compatible, but only one public key (the host public key) when the switch is working in SSH2 mode.

 

display rsa peer-public-key

Syntax

display rsa peer-public-key [ brief | name keyname ]

View

Any view

Parameters

brief: Displays brief information about the public keys of all SSH peers.

keyname: Specifies a key by its name, which is a string of 1 to 64 characters.

Description

Use the display rsa peer-public-key command to display information about the locally saved public keys of all SSH peers. If no key name is specified, the command displays detailed information about the locally saved public keys of all SSH peers.

 

 

Sometimes the public key modulo displayed with the display rsa peer-public-key command is one bit smaller than the actual modulo. This is because the actually generated key pair is one bit smaller than specified. For example, when you specify a 1024-bit key pair, the actually generated key pair may have 1024 or 1023 bits.

 

Examples

# Display brief information about all peer public keys.

<Sysname> display rsa peer-public-key brief

Type  Module  Name

---------------------------

DSA   1023    2

DSA   1024    a

# Display the information about public key “abcd”.

<Sysname> display rsa peer-public-key name abcd

 

=====================================

  Key name  : abcd

  Key type  : RSA

  Key module: 1024

=====================================

Key Code:

30819F300D06092A864886F70D010101050003818D0030818902818100B0EEC8768E310AE2

EE44D65A2F944E2E6F32290D1ECBBFFF22AA11712151FC29F1C1CD6D7937723F77103576C4

1A03DB32F32C46DEDA68566E89B53CD4DF8F9899B138C578F7666BFB5E6FE1278A84EC8562

A12ACBE2A43AF61394276CE5AAF5AF01DA8B0F33E08335E0C3820911B90BF4D19085CADCE0

B50611B9F6696D31930203010001

display ssh server

Syntax

display ssh server { session | status }

View

Any view

Parameters

session: Displays SSH session information.

status: Displays SSH status information.

Description

Use the display ssh server command on an SSH server to display SSH status or session information.

Related commands: ssh server authentication-retries, ssh server timeout, ssh server compatible-ssh1x enable, ssh server rekey-interval.

Examples

# Display SSH server status information on an S3100-EI switch.

<H3C> display ssh server status

 SSH version : 1.99

 SSH connection timeout : 60 seconds

 SSH server key generating interval : 0 hours

 SSH Authentication retries : 3 times

 SFTP Server: Disable

 SFTP idle timeout : 10 minutes     

# Display SSH server status information on an S3100-SI switch.

<H3C> display ssh server status

 SSH version : 2.0

 SSH connection timeout : 60 seconds

 SSH Authentication retries : 3 times

 SFTP Server: Disable

 SFTP idle timeout : 10 minutes

 

l          If you use the ssh server compatible-ssh1x enable command to configure the server to be compatible with SSH1.x clients, the SSH version will be displayed as 1.99.

l          If you use the undo ssh server compatible-ssh1x command to configure the server to be not compatible with SSH1.x clients, the SSH version will be displayed as 2.0.

 

# Display session information about the SSH Server.

<Sysname> display ssh server session

 Conn   Ver   Encry    State     Retry    SerType  Username

 VTY 0  2.0   AES      started   0        stelnet  kk

 VTY 1  2.0   AES      started   0        sFTP     abc

Table 1-1 Description on the fields of the display ssh server session command

Field

Description

Conn

Number of VTY interface used for user login

Ver

SSH version

Encry

Encryption algorithm used by SSH

State

Session status

Retry

Number of connection retries

SerType

Service type

Username

User name

 

display ssh server-info

Syntax

display ssh server-info

View

Any view

Parameters

None

Description

Use the display ssh server-info command on an SSH client to display the mappings between SSH servers and their public keys saved on the client.

 

If an SSH client needs to authenticate the SSH server, it uses the locally saved public key of the server for authentication. In case the authentication fails, you can use the display ssh server-info command to view whether the locally saved public key of the server is correct.

 

Related commands: ssh client assign, ssh client first-time enable.

Examples

# Display the mappings between SSH servers and their public keys saved on the client.

<Sysname> display ssh server-info

Server Name(IP)                                   Server public key name

_________________________________________________________________________

 

192.168.0.90                                      192.168.0.90

display ssh user-information

Syntax

display ssh user-information [ username ]

View

Any view

Parameters

username: SSH user name, a string of 1 to 184 characters. It cannot contain any of these characters: slash (/), backslash (\), colon (:), asterisk (*), question mark (?), less than sign (<), greater than sign (>), and the vertical bar sign (|). In addition, the @ sign can appear up to once, the username part (that is, the string before the @ sign) cannot be more than 55 characters, and the domain name part cannot be more than 128 characters.

Description

Use the display ssh user-information command on an SSH server to display information about the current SSH users, including user name, authentication type, corresponding public key name and authorized service type. If the username argument is specified, the command displays information about the specified user.

Related commands: ssh authentication-type default, ssh user, ssh user authentication-type, ssh user assign, ssh user service-type.

Examples

# Display information about the current SSH users.

<Sysname> display ssh user-information

 Username            Authentication-type  User-public-key-name  Service-type

 kk                 publickey            test                  sftp  

peer-public-key end

Syntax

peer-public-key end

View

Public key view

Parameters

None

Description

Use the peer-public-key end command to return from public key view to system view.

Related commands: rsa peer-public-key, public-key-code begin, public-key peer.

Examples

# Exit public key view.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] rsa peer-public-key Switch003

RSA public key view: return to System View with "peer-public-key end".

[Sysname-rsa-public-key] peer-public-key end

[Sysname]

protocol inbound

Syntax

protocol inbound { all | ssh | telnet }

View

VTY user interface view

Parameters

all: Supports both Telnet and SSH.

ssh: Supports only SSH.

telnet: Supports only Telnet.

Description

Use the protocol inbound command to configure specific user interface(s) to support specified protocol(s). The configuration will take effect at next user login.

By default, both SSH and Telnet are supported.

 

As SSH clients access the SSH server through VTY user interfaces, you need configure the VTY user interfaces of the SSH server to support remote SSH login.

 

 

l          If you have configured a user interface to support SSH protocol, to ensure a successful login to the user interface, you must configure AAA authentication for the user interface by using the authentication-mode scheme command.

l          For a user interface, if you have executed the authentication-mode password or authentication-mode none command, the protocol inbound ssh command cannot be executed; if you have executed the protocol inbound ssh command, neither of the authentication-mode password and authentication-mode none commands can be executed.

 

Examples

# Configure vty0 through vty4 to support SSH only.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] user-interface vty 0 4

[Sysname-ui-vty0-4] authentication-mode scheme

[Sysname-ui-vty0-4] protocol inbound ssh

public-key local create

Syntax

public-key local create { dsa | rsa }

View

System view

Parameters

dsa: Specifies the DSA key pair.

rsa: Specifies the RSA key pair.

Description

Use the public-key local create command to create a local DSA key pair or RSA key pair.

Note that:

l          Generating the RSA and DSA key pairs on the server is prerequisite to SSH login.

l          After entering this command, you will be prompted to provide the length of the key pair. The length of a server/host key must be in the range 512 to 2048 bits and defaults to 1024. If the key pair already exists, the system will ask you whether you want to overwrite it.

l          The configuration of this command can survive a reboot. You only need to configure it once.

Related commands: public-key local destroy, display public-key local.

Examples

# Create an RSA key pair of 512 bits.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] public-key local create rsa

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

       It will take a few minutes.

Input the bits in the modulus[default = 1024]: 512

Generating keys...

...++++++

...................................................................++++++

...........................++++++++

.....++++++++

......                                                                     

# Display the public key part of the RSA key pair(s).

[Sysname] display public-key local rsa public

 

=====================================================

Time of Key pair created: 03:14:23  2000/04/06

Key name: Sysname_Host

Key type: RSA encryption Key

=====================================================

Key code:

305C300D06092A864886F70D0101010500034B003048024100D6665EFEC14F48A5B42A413E

2FACCAA9F02C772AEDC4911E76AAEE55BA49C4A0233D2D80504068BD9C892C0DD9EBBBC7EB

8842ED61CDB418A29CA1362BB48C190203010001

 

=====================================================

Time of Key pair created: 03:14:36  2000/04/06

Key name: Sysname_Server

Key type: RSA encryption Key

=====================================================

Key code:

307C300D06092A864886F70D0101010500036B003068026100A3B63F5B0E5470D9FE200545

0342011FEDE2A924C71EB19E28D257E43EF7E531D7C37FBB157712A2F2AF0F5BAF3E605954

96C5B3EAFF25BFB56F1E1CC7A7004D0FF048654BFEADB21C5AF3E24FB0516393BFEEF65A83

B7416F170886904C8BE30203010001

# Create a DSA key pair of 512 bits.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] public-key local create dsa

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

       It will take a few minutes.

Input the bits in the modulus[default = 1024]:512

Generating keys...

.++++++++++++++++++++++++++++++++++++++++++++++++++*

........+......+.....+......................................+..+................

.......+..........+..............+.............+...+.....+...............+..+...

...+.................+..........+...+....+.......+.....+............+.........+.

........................+........+..........+..............+.....+...+..........

..............+.........+..........+...........+........+....+..................

.....+++++++++++++++++++++++++++++++++++++++++++++++++++*

......                             

# Display the public key of the DSA key pair.

[Sysname]display public-key local dsa public

 

=====================================================

Time of Key pair created: 03:17:33  2000/04/06

Key name:

Key type: DSA encryption Key

=====================================================

Key code:

3081F03081A806072A8648CE38040130819C0241008DF2A494492276AA3D25759BB06869CB

EAC0D83AFB8D0CF7CBB8324F0D7882E5D0762FC5B7210EAFC2E9ADAC32AB7AAC49693DFBF8

3724C2EC0736EE31C80291021500C773218C737EC8EE993B4F2DED30F48EDACE915F024062

6D027839EA0A13413163A55B4CB500299D5522956CEFCB3BFF10F399CE2C2E71CB9DE5FA24

BABF58E5B79521925C9CC42E9F6F464B088CC572AF53E6D7880203430002406FBDE6C9BD57

8722585CDF4F3BFB31DD739865D1EA0312EDF2BAF4841C0A963E400640E467206817292CDF

E5D91D86FDB9C3A16141E675E6FFC6C2577E660FF1

public-key local destroy

Syntax

public-key local destroy { dsa | rsa }

View

System view

Parameters

dsa: Specifies the DSA key pair.

rsa: Specifies the RSA key pair.

Description

Use the public-key local destroy command to destroy the DSA key pair or RSA key pair generated for the current switch.

Related commands: public-key local create.

Examples

# Destroy the RSA key pair of the current switch.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname]public-key local destroy dsa

% Confirm to destroy these keys? [Y/N]:y

......

# Destroy the DSA key pair of the current switch.

<Sysname>system-view

System View: return to User View with Ctrl+Z.

[Sysname] public-key local destroy dsa

% Confirm to destroy these keys? [Y/N]:y

......

public-key local export rsa

Syntax

public-key local export rsa { openssh | ssh1 | ssh2 } [ filename ]

View

System view

Parameters

rsa: Specifies the host public key of the current switch’s RSA key pair.

openssh: Specifies the format of the exported file as OpenSSH.

ssh1: Specifies the format of the exported file as SSH1.

ssh2: Specifies the format of the exported file as SSH2.

filename: Name of the file for saving the host public key, a string of 1 to 142 characters. For file naming rules, refer to File System Management Command.

Description

Use the public-key local export rsa command to display the host public key of the current switch’s RSA key pair on the screen or export it to a specified file.

If you specify a filename, the host public key will be exported to the file and the file will be saved. If you do not specify any filename, the host public key will be displayed on the screen.

 

l          SSH1, SSH2, and OpenSSH are three public key file formats. You can choose one as required.

l          The host public key displayed on the screen is in a format that is not transformed and cannot be used as the public key data for public key configuration.

 

Related commands: public-key local create, rsa local-key-pair create.

  Examples

# Generate an RSA key pair.

<Sysname> system-view

[Sysname] public-key local create rsa

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

       It will take a few minutes.

Input the bits in the modulus[default = 1024]:

Generating keys...

...............................................++++++

......++++++

.................++++++++

.....++++++++

.......                 

# Display the host public key in the OpenSSH format.

[Sysname]public-key local export rsa openssh

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgMSPi+xIkHkAo6E9LwLKWN+eN9EqW/6FIYEIlVKcpIa0

6IT4eSyq4OldeiZ9WorOiDqX3ROo4FmaTR/QCSK3C9whE1qz/4soVL1eHDdgzQCumKKsJCVaM5OdZ2sdNbEnhLucs8ZrfTgEkDB1hmbgzuDpWPokPfkQDD+8dC+hkFVV rsa-key

# Export the host public key of the RSA key pair in the format of OpenSSH and save the public key file as pub_ssh_file2.

[Sysname] public-key local export rsa openssh pub_ssh_file2

# Export the host public key of the RSA key pair in the format of SSH1 and save the public key file as pub_ssh_file3.

[Sysname] public-key local export rsa ssh1 pub_ssh_file3

public-key local export dsa

Syntax

public-key local export dsa { openssh | ssh2 } [ filename ]

View

System view

Parameters

dsa: Specifies the public key of the current switch’s DSA key pair.

openssh: Uses the format of OpenSSH.

ssh2: Uses the format of SSH2.

filename: Name of the file for saving the public key, a string of 1 to 142 characters. For file naming rules, refer to File System Management Command.

Description

Use the public-key local export dsa command to display the public key of the current switch’s DSA key pair on the screen or export it to a specified file.

If you specify a filename, the public key will be exported to the file and the file will be saved. If you do not specify any filename, the public key will be displayed on the screen.

 

l          SSH1, SSH2, and OpenSSH are three public key file formats. You can choose one as required.

l          The host public key displayed on the screen is in a format that is not transformed and cannot be used as the public key data for public key configuration.

 

Related commands: public-key local create.

Examples

# Generate a DSA key pair.

<Sysname> system-view

[Sysname]public-key local create dsa

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

       It will take a few minutes.

Input the bits in the modulus[default = 1024]:

Generating keys...

.++++++++++++++++++++++++++++++++++++++++++++++++++*

........+......+.....+......................................+..+..........

.............+..........+..............+.............+...+.....+..........

.....+..+......+.................+..........+...+....+.......+.....+......

......+.........+.........................+........+..........+...........

...+.....+...+........................+.........+..........+...........+..

......+....+.......................+++++++++++++++++++++++++++++++++++++++

++++++++++++*

.......

# Display the public key in the SSH2 format.

[Sysname] public-key local export dsa ssh2

---- BEGIN SSH2 PUBLIC KEY ----

Comment: "dsa-key-20000406"

AAAAB3NzaC1kc3MAAACA11cmLEWExEwhHxi9luXwYcTwpCP3/mtrhbNM73LOFKDTpSIv4Izs5l

vmwmWFSIncHtvRPsiydNqfdbomzLmHcjYCeH6SK6hEIfIsPInLmwb9YP4BlB3dd/5rEok9p27r

wdEo2X8GeNdyK1NByFBvNYIUsWovrEs2iVA4eBHH2jMAAAAUx3MhjHN+yO6ZO08t7TD0jtrOkV

8AAACAgiaQCeFOxHS68pMuadOx8YUXrZWUGEzN/OrpbsTV75MTPoS0cJPFKyDNNdAkkrOVnsZJ

liW8T6UILiLFs3ThbdABMs5xsCAhcJGscXthI5HHbB+y6IMXwb2BcdQey4PiEMA8ybMugQVhwh

Yhxz1tqsAo9LFYXaf0JRlxjMmwnu8AAACA04Cd4ccxNjCMWzPAzZhj65GjyxExYS72XKWt0S0A

Us51ttRCqOHV/G8LUcdQ4pkp7XK6YGvxS0m1RPb9cIOMQZSYdHiXOq45zFA3Y8ylnWWF6EiuVU

stjN8RC8VtnTzzIbihwmSSR0R9OEGi1vnxCdA1l5wDhuEYJMgq9ipVXLA=

---- END SSH2 PUBLIC KEY ----

# Export the public key in OpenSSH format.

<Sysname> system-view

[Sysname] public-key local export dsa openssh key.pub

public-key peer

Syntax

public-key peer keyname

undo public-key peer keyname

View

System view

Parameters

keyname: Name of the public key, a string of 1 to 64 characters.

Description

Use the public-key peer command to enter public key view.

Use the undo public-key peer command to delete the configuration of peer public key.

After configuring this command, you enter public key view. You can use this command together with the public-key-code begin command to configure the peer public key. This public key configuration method requires that you obtain the public key in hexadecimal format in advance.

 

Only the public key whose module is of 512 to 2,048 bits can be configured on the device currently.

 

Related commands: public-key-code begin, public-key-code end.

Examples

# Enter public key view

<Sysname>system-view

System View: return to User View with Ctrl+Z.

[Sysname]public-key peer pub.ppk

PKEY public key view: return to System View with "peer-public-key end".

[Sysname-peer-public-key]

public-key peer import sshkey

Syntax

public-key peer keyname import sshkey filename

undo public-key peer keyname

View

System view

Parameters

keyname: Name of the public key , a string of 1 to 64 characters.

filename: Name of a public key file, a string of 1 to 142 characters. For file naming rules, refer to File System Management Command.

Description

Use the public-key peer import sshkey command to import a peer public key from the public key file.

Use the undo public-key peer command to remove the setting.

 

l          Only public key files in the format of SSH1, SSH2, or OpenSSH are supported.

l          Currently, only public keys whose modules are in the range 512 to 2048 bits can be imported to the switch.

l          You may use this command to configure an SSH peer’s public key on the current switch. After you issue this command, the system will automatically identify the format of the public key, transforms the public key into the PKCS format, and saves the public key locally. This public key configuration method requires that the public key file be uploaded to the current switch through FTP or TFTP.

 

Examples

# Import the public key of the user from the public key file named pub.ppk and name it as peer.pk.

<Sysname>system-view

System View: return to User View with Ctrl+Z.

[Sysname] public-key peer peer.pk import sshkey pub.ppk

public-key-code begin

Syntax

public-key-code begin

View

Public key view

Parameters

None

Description

Use the public-key-code begin command to enter public key edit view.

After entering public key code view, you can input the key data. It must be a hexadecimal string and coded compliant to PKCS.

Related commands: rsa peer-public-key, public-key peer, public-key-code end.

Examples

# Enter public key edit view and input a public key.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] rsa peer-public-key Switch003

RSA public key view: return to System View with "peer-public-key end".

[Sysname-rsa-public-key] public-key-code begin

RSA key code view: return to last view with "public-key-code end".

[Sysname-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463

[Sysname-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913

[Sysname-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4

[Sysname-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC

[Sysname-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16

[Sysname-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125

[Sysname-rsa-key-code] public-key-code end

[Sysname-rsa-public-key]

public-key-code end

Syntax

public-key-code end

View

Public key edit view

Parameters

None

Description

Use the public-key-code end command to return from public key edit view to public key view and save the public key you input.

After you use this command to end editing the public key, the system will check the validity of the public key before saving the key.

l          If there is any illegal character in the key, your configuration fails. In this case, a prompt is displayed and the key is discarded.

l          If the key is valid, it is saved in the local public key list.

Related commands: rsa peer-public-key, public-key peer, public-key-code begin.

Examples

# Exit public key edit view and save the public key you input.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] rsa peer-public-key Switch003

RSA public key view: return to System View with "peer-public-key end".

[Sysname-rsa-public-key] public-key-code begin

RSA key code view: return to last view with "public-key-code end".

[Sysname-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463

[Sysname-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913

[Sysname-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4

[Sysname-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC

[Sysname-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16

[Sysname-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125

[Sysname-rsa-key-code] public-key-code end

[Sysname-rsa-public-key]

rsa local-key-pair create

Syntax

rsa local-key-pair create

View

System view

Parameters

None

Description

Use the rsa local-key-pair create command to generate an RSA key pair for the current switch.

Note that:

l          After entering this command, you will be prompted to provide the length of the key pair. The length of a server/host key must be in the range 512 to 2048 bits and defaults to 1024. If the key pair already exists, the system will ask you whether you want to overwrite it.

l          The configuration of this command can survive a reboot. You only need to configure it once.

l          After the RSA key pair is generated, the display rsa local-key-pair public command displays two public keys (the host public key and server public key) when the S3100-EI switch is working in SSH1-compatible mode, but only one public key (the host public key) when the switch is working in SSH2 mode.

Related commands: rsa local-key-pair destroy, display rsa local-key-pair public.

Examples

# Generate a local RSA key pair.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] rsa local-key-pair create

The local-key-pair will be created.

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

       It will take a few minutes.

Input the bits in the modulus[default = 1024]:

Generating keys...

........................++++++

.......++++++

.................................++++++++

...++++++++

........Done!

# Display the public key part of the current switch’s RSA key pair(s).

[Sysname] display rsa local-key-pair public

 

=====================================================

Time of Key pair created: 02:31:51  2000/04/09

Key name: Sysname_Host

Key type: RSA encryption Key

=====================================================

Key code:

308188

  028180

    F0C0EDA9 FA2E2FAC 4B16CA34 677F1861 A13E89BE

    6AAAC326 4E17268D EFADED1A FCA39047 52F18422

    B8C875DF 3626150D 4057EE12 371D5E62 57D34A16

    5045A403 FA805F72 B2780C9A 041ED99E 2841F600

    AB30DB10 821EF338 1FA54FE5 3DC79E46 74E45127

    3D4CA70F 253645DA 57524DC3 513BAC53 2C1B7F8F

    2481FA79 D4AA15C7

  0203

    010001

 

=====================================================

Time of Key pair created: 02:32:06  2000/04/09

Key name: Sysname_Server

Key type: RSA encryption Key

=====================================================

Key code:

3067

  0260

    C9BEF5C8 1AF3E457 AD007039 DDB21785 28B0204F

    A9ED61A6 AD381860 9491B700 0286568F 4CAF27B1

    1B17B1A2 0D516E74 8DAFA6C1 0F71624B B8BE6FB2

    F550E7B9 BABD5B34 7D3E85C2 126B59DC 93BB4EA5

    6A147737 E9CE41EB 1B31171C 142902AF

  0203

    010001

rsa local-key-pair destroy

Syntax

rsa local-key-pair destroy

View

System view

Parameters

None

Description

Use the rsa local-key-pair destroy command to destroy the current switch’s RSA key pair.

Related commands: rsa local-key-pair create.

Examples

# Destroy the current switch’s RSA key pair.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] rsa local-key-pair destroy

% The local-key-pair will be destroyed.

% Confirm to destroy these keys? [Y/N]:y

.............Done!

rsa peer-public-key

Syntax

rsa peer-public-key keyname

undo rsa peer-public-key keyname

View

System view

Parameters

keyname:  Name of the public key to be configured , a string of 1 to 64 characters.

Description

Use the rsa peer-public-key command to enter public key view.

Use the undo rsa peer-public-key command to remove the setting.

After using this command, you can use the public-key-code begin command to configure the peer public key. This public key configuration method requires that you obtain the peer public key in hexadecimal format in advance.

 

Currently, the switch supports only public keys of 512 to 2048 bits.

 

Related commands: public-key-code begin, public-key-code end.

Examples

# Enter Switch002 public key view.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] rsa peer-public-key Switch002

RSA public key view: return to System View with "peer-public-key end".

[Sysname-rsa-public-key]

rsa peer-public-key import sshkey

Syntax

rsa peer-public-key keyname import sshkey filename

undo rsa peer-public-key keyname

View

System view

Parameters

keyname: Name of the public key to be configured, a string of 1 to 64 characters.

filename: Name of a public key file, a string of 1 to 142 characters. For file naming rules, refer to File System Management Command.

Description

Use the rsa peer-public-key import sshkey command to import a peer public key from the public key file.

Use the undo rsa peer-public-key command to remove the setting.

 

l          Only public key files in the format of SSH1 or SSH2 are supported.

l          Currently, only public keys whose modules are in the range 512 to 2048 bits can be imported to the switch.

l          You may use this command to configure an SSH peer’s public key on the current switch. After you issue this command, the system will automatically identify the format of the public key, transforms the public key into the PKCS format, and saves the public key locally. This public key configuration method requires that the public key file be uploaded to the current switch through FTP or TFTP.

 

The rsa peer-public-key import sshkey command can transform only RSA public keys. If you want DSA public keys to be transformed and configured automatically, use the public-key peer import sshkey command.

 

Examples

# Transform the format of client public key file abc and configure a public key named 123.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] rsa peer-public-key 123 import sshkey abc

ssh authentication-type default

Syntax

ssh authentication-type default { all | password | password-publickey | publickey | rsa }

undo ssh authentication-type default

View

System view

Parameters

all: Specifies either the password authentication or the publickey authentication for SSH users.

password: Specifies the authentication mode for SSH users as password authentication.

password-publickey: Specifies that both the password and the publickey must be authenticated for SSH users.

publickey: Specifies the authentication mode for the SSH user as publickey (RSA key or DSA key ) authentication.

rsa: Specifies the authentication mode for the SSH user as publickey (RSA key or DSA key ) authentication. The authentication modes specified by the rsa keyword and publickey keyword are implemented in the same way.

Description

Use the ssh authentication-type default command to specify a default authentication mode for SSH users. After this command is configured, when an SSH user is added by using the ssh user command, the default authentication mode is adopted for the user if no authentication mode is specified by using the ssh user authentication-type command.

Use the undo ssh authentication-type default command to remove the specified default authentication mode. That is, no default authentication mode is specified for SSH users. In this case, when an SSH user is added, you must specify an authentication mode for the user at the same time.

By default, no default authentication mode is specified.

Related commands: display ssh user-information.

Examples

# Specify the publickey authentication as the default authentication mode.

<Sysname>system-view

System View: return to User View with Ctrl+Z.

[Sysname]ssh authentication-type default publickey

# Create an SSH user

[Sysname] ssh user user1

# Display information about SSH users.

[Sysname] display ssh user-information

 Username            Authentication-type  User-public-key-name  Service-type

 user1               publickey            null                  stelnet

ssh client assign

Syntax

ssh client { server-ip | server-name } assign { publickey | rsa-key } keyname

undo ssh client { server-ip | server-name } assign { publickey | rsa-key }

View

System view

Parameters

server-ip: IP address of the server.

server-name: Name of the server, a string of 1 to 184 characters.

keyname: Name of the public key of the server, a string of 1 to 64 characters.

 

Both publickey and rsa-key indicate specifying the publickey key. They are implemented with the same method.

 

Description

Use the ssh client assign command to specify the name of the public key of the server on the client so that the client can authenticate whether the server to be accessed is reliable.

Use the undo ssh client assign command to remove the mapping between the client and the public key of the server.

By default, a client does not have the name of the server’s public key specified and it uses the IP address or host name that it used to log in to the SSH server as the public key name.

 

If a client does not support first-time authentication, it will refuse to access any unauthenticated server. In this case, you need to configure the public key of the server on the client and associate the public key and the server so that the client can authenticate the server during login.

 

If a pair of SSH peers are both switches that support both DSA and RSA, you must configure the DSA public key of the server on the client.

 

Related command: ssh client first-time enable.

Examples

# Specify the name of the DSA public key of the server (whose IP address is 192.168.0.1) as pub.ppk on the client.

<Sysname>system-view

System View: return to User View with Ctrl+Z.

[Sysname] ssh client 192.168.0.1 assign publickey pub.ppk

ssh client first-time enable

Syntax

ssh client first-time enable

undo ssh client first-time

View

System view

Parameters

None

Description

Use the ssh client first-time enable command to enable the client to run first-time authentication for the SSH server it accesses for the first time.

Use the undo ssh client first-time command to disable the client from running first-time authentication.

 

 

l          With first-time authentication enabled, an SSH client that is not configured with the server’s host public key can continue accessing the server when it accesses the server for the first time, and it will save the host public key for use in subsequent authentications.

l          With first-time authentication disabled, an SSH client that is not configured with the server host public key will refuse to access the server. For such a client to access the server, you must configure the server’s host public key and specify the public key name for authentication on the client in advance.

 

By default, the client is enabled to run first-time authentication.

Examples

# Disable the client to run first-time authentication.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] undo ssh client first-time

ssh server authentication-retries

Syntax

ssh server authentication-retries times

undo ssh server authentication-retries

View

System view

Parameters

times: Authentication retry times, in the range of 1 to 5.

Description

Use the ssh server authentication-retries command to set the authentication retry times for SSH connections. This configuration will take effect for all users logging in later.

Use the undo ssh server authentication-retries command to restore the default authentication retry times.

By default, the number of authentication retry times is 3.

 

If you have used the ssh user authentication-type command to configure the authentication type of a user to password-publickey, you must set the authentication retry times to a number greater than or equal to 2 (so that the user can access the switch).

 

Related commands: display ssh server.

Examples

# Set the authentication retry times to four.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ssh server authentication-retries 4

ssh server compatible-ssh1x enable

Syntax

ssh server compatible-ssh1x enable

undo ssh server compatible-ssh1x

View

System view

Parameters

None

Description

Use the ssh server compatible-ssh1x enable command to make the server compatible with SSH1.x clients.

Use the undo ssh server compatible-ssh1x command to make the server incompatible with SSH1.x clients.

By default, the server is compatible with SSH1.x clients.

 

 

Currently, only the S3100-EI series support the ssh server compatible-ssh1x enable command.

 

Related commands: display ssh server.

Examples

# Configure the server to be compatible with SSH1.x clients.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ssh server compatible-ssh1x enable

ssh server rekey-interval

Syntax

ssh server rekey-interval hours

undo ssh server rekey-interval

View

System view

Parameters

hours: Interval to update the server keys, ranging from 1 to 24 (in hours).

Description

Use the ssh server rekey-interval command to set the interval to update the RSA server keys regularly.

Use the undo ssh server rekey-interval command to cancel the current configuration.

By default, the update interval is zero, which indicates the system does not update the server keys.

 

l          This command only takes effect on users whose client version is SSH1.

l          Currently, only the S3100-EI series support the ssh server rekey-interval command.

 

Related commands: display ssh server.

Examples

# Configure to update the server's keys every 3 hours.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ssh server rekey-interval 3

ssh server timeout

Syntax

ssh server timeout seconds

undo ssh server timeout

View

System view

Parameters

seconds: Authentication timeout time, ranging from 1 to 120 (in seconds).

Description

Use the ssh server timeout command to set the authentication timeout time for SSH connections.

Use the undo ssh server timeout command to restore the default timeout time (that is, 60 seconds).

The configuration here will take effect at next login.

Related commands: display ssh server.

Examples

# Set the authentication timeout time to 80 seconds.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ssh server timeout 80

ssh user

Syntax

ssh user username

undo ssh user username

View

System view

Parameters

username: SSH user name, a string of 1 to 184 characters. It cannot contain any of these characters: slash (/), backslash (\), colon (:), asterisk (*), question mark (?), less than sign (<), greater than sign (>), and the vertical bar sign (|). In addition, the @ sign can appear up to once, the username part (that is, the string before the @ sign) cannot be more than 55 characters, and the domain name part cannot be more than 128 characters.

Description

Use the ssh user command to create an SSH user.

Use the undo ssh user to delete a specified SSH user.

 

An SSH user created with this command uses the default authentication type specified by the ssh authentication-type default command. If no default authentication type is specified for SSH users, you need to use the ssh user authentication-type command to create an SSH user and specify an authentication mode for the user.

 

An SSH user is created on an SSH server for the purpose of specifying the authentication type, the SSH service type, and the public key for the SSH user. An existing SSH user will be removed automatically if it has none of the authentication type, the SSH service type, and the public key configured.

 

Related commands: ssh authentication-type default, ssh user authentication-type.

Examples

# Specify the default authentication type as password authentication. Create an SSH user with the name “abc”.

<Sysname> system-view

Enter system view, return to user view with Ctrl+Z.

[Sysname] ssh authentication-type default password

[Sysname] ssh user abc

# Display SSH user information.

[Sysname] display ssh user-information

 Username            Authentication-type  User-public-key-name  Service-type

 abc                 password             null                  stelnet

ssh user assign

Syntax

ssh user username assign { publickey | rsa-key } keyname

undo ssh user username assign { publickey | rsa-key }

View

System view

Parameters

username: SSH user name, a string of 1 to 184 characters. It cannot contain any of these characters: slash (/), backslash (\), colon (:), asterisk (*), question mark (?), less than sign (<), greater than sign (>), and the vertical bar sign (|). In addition, the @ sign can appear up to once, the username part (that is, the string before the @ sign) cannot be more than 55 characters, and the domain name part cannot be more than 128 characters.

keyname: Name of a public key, a string of 1 to 64 characters.

Description

Use the ssh user assign command to assign an existing public key to a specified SSH user.

Use the undo ssh user assign command to remove the association.

The public key of the client is subject to the one assigned last time.

The new public key takes effect when the user logs in next time.

 

l          On an SSH server, you need to assign a public key to each SSH user using publickey authentication.

l          Both publickey and rsa-key indicate specifying the publickey key. They are implemented with the same method.

 

Related commands: display ssh user-information.

Examples

# Assign a public key named 127.0.0.1 to SSH client 1.

<Sysname>system-view

System View: return to User View with Ctrl+Z.

[Sysname]ssh user 1 assign publickey 127.0.0.1

# Display SSH user information.

[Sysname] display ssh user-information

 Username            Authentication-type  User-public-key-name  Service-type

1                   publickey            127.0.0.1             stelnet

ssh user authentication-type

Syntax

ssh user username authentication-type { all | password | password-publickey | publickey | rsa }

undo ssh user username authentication-type

View

System view

Parameters

username: SSH user name, a string of 1 to 184 characters. It cannot contain any of these characters: slash (/), backslash (\), colon (:), asterisk (*), question mark (?), less than sign (<), greater than sign (>), and the vertical bar sign (|). In addition, the @ sign can appear up to once, the username part (that is, the string before the @ sign) cannot be more than 55 characters, and the domain name part cannot be more than 128 characters.

all: Specifies that the authentication mode for the SSH user can be either password authentication or publickey authentication.

password: Specifies the authentication mode for the SSH user as password authentication.

password-publickey: Specifies the authentication mode for the SSH user as password and publickey.

publickey: Specifies the authentication mode for the SSH user as publickey (RSA key or DSA key ) authentication.

rsa: Specifies the authentication mode for the SSH user as publickey (RSA key or DSA key ) authentication. The authentication modes specified by the rsa keyword and publickey keyword are implemented in the same way

 

For the password-publickey authentication type:

l          SSH1 client users can access the switch as long as they pass one of the two authentications.

l          SSH2 client users can access the switch only when they pass both the authentications.

 

Description

Use the ssh user authentication-type command to specify the authentication mode for SSH users on the server.

Use the undo ssh user authentication-type command to remove the configuration.

 

You need to specify the authentication mode for an SSH user. Otherwise, the user will not be able to log in to the SSH server.

 

Related commands: display ssh user-information.

Examples

# Specify the publickey authentication for SSH users.

<Sysname>system-view

System View: return to User View with Ctrl+Z.

[Sysname]ssh user kk authentication-type publickey

# Display SSH user information.

[Sysname] display ssh user-information

 Username            Authentication-type  User-public-key-name  Service-type

 kk                  publickey            null                  stelnet

ssh user service-type

Syntax

ssh user username service-type { stelnet | sftp | all }

undo ssh user username service-type

View

System view

Parameters

username: SSH user name, a string of 1 to 184 characters. It cannot contain any of these characters: slash (/), backslash (\), colon (:), asterisk (*), question mark (?), less than sign (<), greater than sign (>), and the vertical bar sign (|). In addition, the @ sign can appear up to once, the username part (that is, the string before the @ sign) cannot be more than 55 characters, and the domain name part cannot be more than 128 characters.

stelnet: Specifies that the user can access the secure Telnet service.

sftp: Specifies that the user can access the SFTP service.

all: Specifies that the user can access both services (secure Telnet and SFTP).

Description

Use the ssh user service-type command to configure service type for a user so that the user can access specified service(s).

Use the undo ssh user service-type command to remove the service type specified for an SSH user.

The default service type for an SSH user is stelnet.

Related commands: display ssh user-information.

Examples

# Specify that user kk can access SFTP service.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ssh user kk service-type sftp

# Display SSH user information.

[Sysname] display ssh user-information

 Username            Authentication-type  User-public-key-name  Service-type

 kk                  publickey            null                  sftp

ssh2

Syntax

ssh2 { host-ip | host-name } [ port-num ] [ identity-key { dsa | rsa } | prefer_kex { dh_group1 | dh_exchange_group } | prefer_ctos_cipher { des | aes128 } | prefer_stoc_cipher { des | aes128 } | prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } | prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] *

View

System view

Parameters

host-ip: Server IP address.

host-name: Server name, a string of 1 to 20 characters.

port-num: Server port number. It is in the range of 0 to 65,535 and defaults to 22.

identity-key: Specifies the algorithm for publickey authentication, either dsa or rsa. The default is rsa.

prefer_kex: Specifies the preferred key exchange algorithm. You can select one from the following two algorithms.

l          dh_group1: Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default algorithm.

l          dh_exchange_group: Diffie-Hellman-group-exchange-sha1 key exchange algorithm.

prefer_ctos_cipher: Specifies the preferred client-to-server encryption algorithm, which is AES128 by default.

prefer_stoc_cipher: Specifies the preferred server-to-client encryption algorithm, which is AES128 by default.

l          des: DES_cbc encryption algorithm.

l          aes128: AES_128 encryption algorithm.

prefer_ctos_hmac: Specifies the preferred client-to-server HMAC (Hash-based message authentication code) algorithm, which is SHA1_96 by default.

prefer_stoc_hmac: Specifies the preferred server-to-client HMAC algorithm, which is SHA1_96 by default.

l          sha1: HMAC-SHA1 algorithm.

l          sha1_96: HMAC-SHA1-96 algorithm.

l          md5: HMAC-MD5 algorithm.

l          md5_96: HMAC-MD5-96 algorithm.

 

l          DES (data encryption standard) is a standard data encryption algorithm.

l          AES (advanced encryption standard) is an advanced encryption standard algorithm.

 

Description

Use the ssh2 command to start the SSH client to establish a connection with an SSH server, and at the same time specify the preferred key exchange algorithm, encryption algorithms and HMAC algorithms between the server and client.

Note that when logging into the SSH server using publickey authentication, an SSH client needs to read its own private key for authentication. As two algorithms (RSA or DSA) are available, the identity-key keyword must be used to specify one algorithm in order to get the correct private key.

Examples

# Log into SSH server 10.214.50.51 with:

l          dh_exchange_group as the preferred key exchange algorithm,

l          aes128 as the preferred server-to-client encryption algorithm,

l          md5 as the preferred client-to-server HMAC algorithm, and

l          sha1_96 as the preferred server-to-client HMAC algorithm.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网