connections with CEs in different VPNs that are enabled with the SSH server function to implement secure
access to the CEs and secure transfer of log file.
Figure 89 Network diagram
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see
Configuring the switch as an SSH server
SSH server configuration task list
Task
Generating local key pairs
Enabling the SSH server function
Configuring the user interfaces for SSH clients
Configuring a client's host public key
Configuring an SSH user
Setting the SSH management parameters
Setting the DSCP value for packets sent by the SSH
server
Generating local key pairs
In the key and algorithm negotiation stage, the DSA, RSA, or ECDSA key pairs are used to generate the
session key and session ID. They can also be used by a client to authenticate the server.
"Configuring
Remarks
Optional
Required
Required
Required for publickey authentication users and
optional for password authentication users
Optional
Optional
Optional
307
FIPS") and non-FIPS mode.