HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 192

Configuring a client public key

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter user interface view of one or more user interfaces.
  Command: user-interface vty number [ ending-number ]
  Remarks: N/A

Step 3. Set the login authentication mode to scheme.
  Command: authentication-mode scheme
  Remarks: By default, the authentication mode is password.

Step 4. Configure the user interfaces to support SSH login.
  Command: protocol inbound { all | ssh }
  Remarks: Optional. All protocols are supported by default.

For more information about the authentication-mode and protocol inbound commands, see Fundamentals Command Reference.

Configuring a client public key

This configuration task is only necessary for SSH users using publickey authentication.

To allow an SSH user to pass publickey authentication and log in to the server, you must configure the client's DSA or RSA host public key on the server, and configure the client to use the corresponding host private key, so that the server uses the digital signature to authenticate the client.

You can manually configure the public key of an SSH client on the server, or import it from the public key file:

• Configure it manually: You can type or copy the public key to the SSH server. The public key must not have been converted and must be in the Distinguished Encoding Rules (DER) encoding format.
• Import it from the public key file: During the import process, the server automatically converts the public key in the public key file to a string in Public Key Cryptography Standards (PKCS) format, and saves it locally. Before importing the public key, you must upload the public key file (in binary) to the server through FTP or TFTP.

NOTE: HP recommends that you configure a client public key by importing it from a public key file.

For more information about client public key configuration, see "Managing public keys."

Configuring a client public key manually

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter public key view.
  Command: public-key peer keyname
  Remarks: N/A

Step 3. Enter public key code view.
  Command: public-key-code begin
  Remarks: N/A

Step 4. Configure a client's host public key.
  Command: Enter the content of the host public key
  Remarks: Spaces and carriage returns are allowed between characters.

Step 5. Return to public key view and save the configured host public key.
  Command: public-key-code end
  Remarks: When you exit public key code view, the system automatically saves the public key.

Step 6. Return to system view.
  Command: peer-public-key end
  Remarks: N/A
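Manual entry needs the key in DER form, while most SSH clients keep it as an OpenSSH "ssh-rsa" line. The following is an added example, not taken from the HP guide: it converts such a line to DER hex suitable for typing in public key code view. It assumes that "DER encoding format" here means an X.509 SubjectPublicKeyInfo structure; the function names and the toy sample key are constructed for illustration.

```python
import base64

# DER AlgorithmIdentifier: rsaEncryption OID 1.2.840.113549.1.1.1 with NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_tlv(tag, content):
    """Encode one DER tag-length-value, switching to long-form length at 128 bytes."""
    size = len(content)
    body = size.to_bytes(max(1, (size.bit_length() + 7) // 8), "big")
    length = body if size < 0x80 else bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def der_int(value):
    """DER INTEGER; the spare byte keeps a value with its top bit set positive."""
    return der_tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def ssh_string(data):
    """SSH wire string: 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data

def openssh_rsa_to_der(line):
    """Convert 'ssh-rsa AAAA... comment' to SubjectPublicKeyInfo DER (assumed target format)."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected an ssh-rsa public key line")
    blob, fields, pos = base64.b64decode(parts[1], validate=True), [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 + size > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa key blob")
    e, n = (int.from_bytes(f, "big") for f in fields[1:])  # wire order is e, then n
    rsa_key = der_tlv(0x30, der_int(n) + der_int(e))        # RSAPublicKey ::= SEQUENCE { n, e }
    return der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + rsa_key))

def key_code_lines(der, groups_per_line=8):
    """Upper-case hex in 4-byte groups; spaces and line breaks are allowed on entry."""
    hexed = der.hex().upper()
    groups = [hexed[i:i + 8] for i in range(0, len(hexed), 8)]
    return [" ".join(groups[i:i + groups_per_line]) for i in range(0, len(groups), groups_per_line)]

# Constructed sample: toy modulus 3233 with e = 65537, not a usable key.
SAMPLE = "ssh-rsa " + base64.b64encode(
    ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x0c\xa1")).decode()

if __name__ == "__main__":
    print("\n".join(key_code_lines(openssh_rsa_to_der(SAMPLE))))
```

The lines returned by key_code_lines go between public-key-code begin and public-key-code end.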

