H3C Technologies H3C S3100 Series Switches User Manual
Page 721
1-8
To do...
Use the command...
Remarks
Destroy the DSA key pair
public-key local destroy dsa
Optional
Use the command to destroy
the generated DSA key pair.
z
The SSH server’s key pairs are for generating session keys and for SSH clients to authenticate the
server. As different clients may support different public key algorithms, the server may use different
key pair for negotiation with different clients. Therefore, you need to generate both RSA and DSA
key pairs on the server to help ensure that clients can log in to the server successfully.
z
The command for generating a key pair can survive a reboot. You only need to configure it once.
z
Some third-party software, for example, WinSCP, requires that the modulo of a public key must be
greater than or equal to 768. Therefore, a local key pair of more than 768 bits is recommended.
Creating an SSH User and Specifying an Authentication Type
This task is to create an SSH user and specify an authentication type for it. Specifying an authentication
type for a new user is a must to get the user login.
Table 1-6 Follow these steps to configure an SSH user and specify an authentication type for the user:
To do...
Use the command...
Remarks
Enter system view
system-view
—
ssh authentication-type
default { all | password |
password-publickey |
publickey }
Specify the default
authentication type for
all SSH users
ssh user username
Create an SSH user,
and specify an
authentication type for it
ssh user username
authentication-type { all |
password |
password-publickey |
publickey }
Use either command.
By default, no SSH user is created
and no authentication type is
specified.
Note that: If both commands are used
and different authentication types are
specified, the authentication type
specified with the ssh user
authentication-type command takes
precedence.