stelnet [ -a source-address | -i interface-type interface-number ] host-ipv4 [ port ] [ [ -vpn-instance vpn-instance-name ] | [ prefer_kex { dh_group1 | dh_exchange_group | dh_group14_sha1 } ] | [ identity-key { rsa | dsa | ecc } ] | [ user-identity-key { rsa | dsa | ecc } ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ -ki aliveinterval ] | [ -kc alivecountmax ] ] *
stelnet ipv6 [ -a source-address ] host-ipv6 [ -oi interface-type interface-number ] [ port ] [ [ prefer_kex { dh_group1 | dh_exchange_group } ] | [ identity-key { rsa | dsa | ecc } ] | [ user-identity-key { rsa | dsa | ecc } ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ -ki aliveinterval ] | [ -kc alivecountmax ] ] *
| Parameter | Description | Value |
|---|---|---|
-a source-address |
Specifies the STelnet source address. |
- |
-i interface-type interface-number |
Specifies the STelnet source interface. |
- |
host-ipv4 |
Specifies the IPv4 address or host name of the remote system. |
The value is a string of 1 to 20 characters. |
host-ipv6 |
Specifies the IPv6 address or host name of the remote system. |
The value is a string ranging from 1 to 46 characters. |
-oi interface-type interface-number |
If host-ipv6 is the link local IPv6 address, the egress with this address must be specified. Otherwise, the egress does not need to be specified. |
- |
port |
Specifies the number of the port on the SSH server. |
The value is an integer that ranges from 1 to 65535. The default number of the standard port is 22. |
prefer_kex |
Indicates the key exchange algorithm. |
supports dh-group1, dh-exchange-group, and dh_group14_sha1 algorithms |
prefer_ctos_cipher prefer_ctos_cipher |
Specifies the preferred encryption algorithm from the client to the server. |
Including des, 3des, aes128, aes128_ctr, and aes256_ctr, and aes256. The default algorithm is aes256_ctr. To improve security, it is recommended that you use aes128, aes128_ctr, aes256_ctr, and aes256 algorithm. NOTE:
|
prefer_stoc_cipher prefer_stoc_cipher |
Specifies the preferred encryption algorithm from the server to the client. |
Including des, 3des, aes128, aes128_ctr, aes256_ctr, and aes256. The default algorithm is aes256_ctr. To improve security, it is recommended that you use aes128, aes128_ctr, aes256_ctr, and aes256 algorithm. NOTE:
|
prefer_ctos_hmac prefer_ctos_hmac |
Specifies the preferred HMAC algorithm from the client and the server. |
Including shal, shal-96, sha2-256, sha2-256-96, md5, and md5-96. The default algorithm is sha2-256. The md5 and md5-96 provide the lowest level of security. You are advised to use sha2-256 algorithm. |
prefer_stoc_hmac prefer_stoc_hmac |
Specifies the preferred HMAC algorithm from the server to the client. |
Including shal, shal-96, sha2-256, sha2-256-96, md5, and md5-96. The default algorithm is sha2-256. The md5 and md5-96 provide the lowest security, it is recommended to use sha2-256 algorithm. |
-vpn-instance vpn-instance-name |
Specifies the VPN instance name. |
The name is a string of 1 to 33 characters. |
-ki aliveinterval |
Specifies the interval for sending keepalive packets when no packet is received. |
The value is an integer ranging from 1 to 3600, in seconds. |
-kc alivecountmax |
Specifies the number of times for no reply of keepalive packets. |
The value is an integer ranging from 3 to 10. The default value is 5. |
identity-key |
Specifies the public key algorithm for the server authentication. |
The public key algorithm include dsa, rsa and ecc. NOTE:
|
user-identity-key |
Specifies the public key algorithm for the client authentication. |
The public key algorithm include dsa, rsa and ecc. NOTE:
|
rsa |
Specifies the DSA public key for the authentication. |
- |
dsa |
Specifies the RSA public key for the authentication. |
- |
ecc |
Specifies the ECC public key for the authentication. |
- |
Usage Scenario
Before connecting the SSH server by using the stelnet command, enable the STelnet service on the SSH server.
Only if the number of the port monitored by the server is 22, the port number need not be specified when the SSH client logs in. Otherwise, you must specify the port number.
By default, when no packet is received, the function of sending keepalive packets is not enabled.
When the STelnet server or the connection between it and the client is faulty, the client must detect the fault in time and release the connection voluntarily. To implement this, when logging in to the server through STelnet, the client must be configured with the interval for sending the keepalive packet and the number of times for no reply restriction on the server if no packet is received by the client. If a client does not receive any packets within specified period, the client sends a keepalive packet to the server. If the number of times of no reply restriction exceeds the specified number, the client releases the connection voluntarily.
Precautions
By default, the server authentication uses the ECC public key.
# Set keepalive parameters when the client logs in to the server through STelnet.
<sysname> system-view
[sysname] stelnet 10.164.39.209 -ki 10 -kc 4
Please input the username: client001
Trying 10.164.39.209 ...
Press CTRL+K to abort
Connected to 10.164.39.209 ...
Enter password:
Info: The max number of VTY users is 20, and the number
of current VTY users on line is 6.
The current login time is 2014-11-06 11:42:42.