iv
Example for entering a peer public key ···················································································································· 120
Network requirements········································································································································· 120
Configuration procedure ···································································································································· 120
Verifying the configuration ································································································································· 121
Example for importing a public key from a public key file ····················································································· 122
Network requirements········································································································································· 122
Configuration procedure ···································································································································· 122
Verifying the configuration ································································································································· 124
Configuring SSH ····················································································································································· 125
Overview······································································································································································· 125
How SSH works··················································································································································· 125
SSH authentication methods······························································································································· 126
FIPS compliance ··························································································································································· 127
Configuring the device as an SSH server·················································································································· 127
SSH server configuration task list ······················································································································ 127
Generating local DSA or RSA key pairs ··········································································································· 127
Enabling the SSH server function······················································································································· 128
Enabling the SFTP server function ······················································································································ 128
Configuring the user interfaces for Stelnet clients ···························································································· 129
Configuring a client's host public key ··············································································································· 129
Configuring an SSH user ···································································································································· 130
Setting the SSH management parameters ········································································································ 131
Configuring the device as an Stelnet client ··············································································································· 132
Stelnet client configuration task list
···················································································································· 132
Specifying a source IP address or source interface for the Stelnet client ······················································ 133
Establishing a connection to an Stelnet server ································································································· 133
Configuring the device as an SFTP client ·················································································································· 135
SFTP client configuration task list ······················································································································· 135
Specifying a source IP address or source interface for the SFTP client ························································· 135
Establishing a connection to an SFTP server ···································································································· 135
Working with SFTP directories ··························································································································· 137
Working with SFTP files ······································································································································ 137
Displaying help information ······························································································································· 137
Terminating the connection with the SFTP server ····························································································· 138
Configuring the device as an SCP client ··················································································································· 138
Displaying and maintaining SSH ······················································································································ 139
Stelnet configuration examples ··································································································································· 140
Password authentication enabled Stelnet server configuration example ······················································ 140
Publickey authentication enabled Stelnet server configuration example······················································· 142
Password authentication enabled Stelnet client configuration example························································ 148
Publickey authentication enabled Stelnet client configuration example ························································ 151
SFTP configuration examples ······································································································································ 153
Password authentication enabled SFTP server configuration example·························································· 153
Publickey authentication enabled SFTP client configuration example ··························································· 155
SCP file transfer with password authentication········································································································· 158
Network requirements········································································································································· 158
Configuration procedure ···································································································································· 159
Configuring IP source guard ·································································································································· 161
Overview······································································································································································· 161
Static IP source guard binding entries··············································································································· 161
Dynamic IPv4 source binding entries ················································································································ 162
IP source guard configuration task list ······················································································································· 162
Configuring the IPv4 source guard function
·············································································································· 162