Any authentication—The server requires the client to pass either of password authentication or
•
publickey authentication.
SSH support for MPLS L3VPN
With this function, you can configure the device as an SSH client to establish connections with SSH
servers in different MPLS L3VPNs.
As shown in
services of the two VPNs isolated. After a PE is enabled with the SSH client function, it can establish SSH
connections with CEs in different VPNs that are enabled with the SSH server function to implement secure
access to the CEs and secure transfer of log file.
Figure 70 Network diagram
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see
Configuring the device as an SSH server
You can configure the device as an Stelnet server, SFTP server or SCP server. Because the configuration
procedures are similar, the SSH server represents the Stelnet server, SFTP server, and SCP server unless
otherwise specified.
SSH server configuration task list
Task
Generating local DSA or RSA key pairs
Enabling the SSH server function
Enabling the SFTP server function
Configuring the user interfaces for SSH clients
Configuring a client's host public key
Figure
70, the hosts in VPN 1 and VPN 2 access the MPLS backbone through PEs, with the
"Configuring
Remarks
Required.
Required for Stelnet, SFTP and SCP servers.
Required.
Required for SFTP server.
Required for publickey authentication users.
210
FIPS") and non-FIPS mode.