R2511-HP MSR Router Series Fundamentals Configuration Guide(V5)
41
Table 16 SSH server and client requirements
Device role Re
q
uirements
SSH server
Assign an IP address to a Layer 3 interface, and make sure the interface and
the client can reach each other.
Configure the authentication mode and other settings.
SSH client
If the host operates as an SSH client, run the SSH client program on the host.
Obtain the IP address of the Layer 3 interface on the server.
To control SSH access to the device operating as an SSH server, configure authentication and user
privilege level for SSH users.
Configuring the SSH server on the device
Follow these guidelines when you configure the SSH server:
• To make the command authorization or command accounting function take effect, apply an
HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the
authorization server and other authorization parameters.
• If the local authentication scheme is used, use the authorization-attribute level level command in
local user view to set the user privilege level on the device.
• If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the
RADIUS or HWTACACS server.
The SSH client authentication method is password in this configuration procedure. For more information
about SSH and publickey authentication, see Security Configuration Guide.
To configure the SSH server on the device:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create local key pairs.
public-key local create { dsa | rsa }
By default, no local key pairs are
created.
3. Enable SSH server.
ssh server enable By default, SSH server is disabled.
4. Enter one or multiple VTY user
interface views.
user-interface vty first-number
[ last-number ]
N/A
5. Enable scheme
authentication.
authentication-mode scheme N/A
6. Enable the user interfaces to
support PAD, Telnet, SSH, or
all of them.
protocol inbound { all | pad | ssh
| telnet }
Optional.
By default, all the three protocols
are supported.