492
characters. Invalid characters are tildes (~), asterisks (*), backslashes (\), vertical bars (|), colons (:),
dots (.), angle brackets (< >), quotation marks ("), and apostrophes (').
source
: Specifies a source IPv4 address or source interface for SSH packets. By default, the device
uses the primary IPv4 address of the output interface in the routing entry as the source address of
SSH packets. As a best practice to ensure successful Stelnet connections, specify a loopback
interface as the source interface or specify that interface's IPv4 address as the source IPv4 address.
•
interface interface-type interface-number
: Specifies a source interface by its type and number.
The primary IPv4 address of this interface is the source IPv4 address of the SSH packets.
•
ip
ip-address
: Specifies a source IPv4 address.
Usage guidelines
The combination of an escape character and a dot (.) works as an escape sequence. This escape
sequence is typically used to quickly terminate an SSH connection when the server reboots or
malfunctions.
For the escape sequence to take effect, you must enter it at the very beginning of a line. If you have
entered other characters or performed operations in a line, enter the escape sequence in the next
line.
As a best practice, use the default escape character (~). Do not use any character in SSH
usernames as the escape character.
If the client and the server have negotiated to use certificate authentication, the client must verify the
server's certificate. For the client to correctly get the server's certificate, you must specify the server's
PKI domain on the client by using the
server-pki-domain
domain-name
option. The client uses the
CA certificate stored in the specified PKI domain to verify the server's certificate and does not need
to save the server's public key before authentication. If you do not specify the server's PKI domain,
the client uses the PKI domain of its own certificate to verify the server's certificate.
Examples
# Establish a connection to Stelnet server
3.3.3.3
and specify the public key of the server as
svkey
.
The Stelnet client uses publickey authentication. Specify the dollar sign ($) as the escape character.
Use the following algorithms:
•
Preferred key exchange algorithm:
dh-group14-sha1
.
•
Preferred server-to-client encryption algorithm:
aes128-cbc
.
•
Preferred client-to-server HMAC algorithm:
sha1
.
•
Preferred server-to-client HMAC algorithm:
sha1-96
.
•
Preferred compression algorithm:
zlib
.
<Sysname> ssh2 3.3.3.3 prefer-kex dh-group14-sha1 prefer-stoc-cipher aes128-cbc
prefer-ctos-hmac sha1 prefer-stoc-hmac sha1-96 prefer-compress zlib public-key svkey
escape $
ssh2 ipv6
Use
ssh2 ipv6
to establish a connection to an IPv6 Stelnet server.
Syntax
In non-FIPS mode:
ssh2
ipv6
server
[
port-number
] [
vpn-instance
vpn-instance-name
] [
-i
interface-type
interface-number
] [
identity-key
{
dsa
|
ecdsa-sha2-nistp256
|
ecdsa-sha2-nistp384
|
rsa
|
{
x509v3-ecdsa-sha2-nistp256
|
x509v3-ecdsa-sha2-nistp384
}
pki-domain
domain-name
} |
prefer-compress
zlib
|
prefer-ctos-cipher
{
3des-cbc
|
aes128-cbc
|
aes128-ctr
|
aes128-gcm
|
aes192-ctr
|
aes256-cbc
|
aes256-ctr
|
aes256-gcm
|
des-cbc
} |
prefer-ctos-hmac
{
md5
|
md5-96
|
sha1
|
sha1-96
|
sha2-256
|
sha2-512
} |
prefer-kex
{
dh-group-exchange-sha1
|
dh-group1-sha1
|
dh-group14-sha1
|
ecdh-sha2-nistp256
|
ecdh-sha2-nistp384
} |
Содержание FlexNetwork 7500 Series
Страница 350: ...335 Related commands display port security port security enable ...
Страница 379: ...364 Sysname system view Sysname keychain abc mode absolute Sysname keychain abc tcp kind 252 ...
Страница 519: ...504 Related commands display ssh2 algorithm ssh2 algorithm cipher ssh2 algorithm key exchange ssh2 algorithm mac ...
