< Home

stelnet

Function

The stelnet command enables a user to use the STelnet protocol to log in to another device from the current device.

Format

# IPv4 address

stelnet [ -a source-address | -i interface-type interface-number ] host-ip [ port-number ] [ [ -vpn-instance vpn-instance-name ] | [ identity-key { dsa | rsa | ecc } ] | [ user-identity-key { rsa | dsa | ecc } ] | [ prefer_kex prefer_key-exchange ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ -ki aliveinterval ] | [ -kc alivecountmax ] ] *

# IPv6 address

stelnet ipv6 [ -a source-address ] host-ipv6 [ -oi interface-type interface-number ] [ port-number ] [ [ identity-key { dsa | rsa | ecc } ] | [ user-identity-key { rsa | dsa | ecc } ] | [ prefer_kex prefer_key-exchange ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ -ki aliveinterval ] | [ -kc alivecountmax ] ] *

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support -a source-address and -i interface-type interface-number parameter in the command.

Parameters

Parameter

Description

Value

-a source-address

Specifies the STelnet source IP address.

-

-i interface-type interface-number

Specifies the STelnet source interface.

If the source interface is specified using -i interface-type interface-number, the -vpn-instance vpn-instance-name parameter is not supported.

-

host-ip

Specifies the IP address or host name of the remote IPv4 STelnet server.

The value is a string of 1 to 255 case-insensitive characters without spaces.

host-ipv6

Specifies the IPv6 address or host name of the remote IPv6 STelnet server.

The value is a string of 1 to 255 case-insensitive characters without spaces.

-oi interface-type interface-number

Specifies the outbound interface on the local device.

If the IPv6 address of the remote host is linked to a local address, the outbound interface must be specified.

port-number

Specifies the port number that the SSH server is listening on.

The value is an integer that ranges from 1 to 65535. The default value 22 is the standard port number.

identity-key

Specifies the public key for server authentication.

The public key algorithm includes dsa, rsa, and ecc. By default, the server authentication uses the ECC public key.

NOTE:

To improve security, it is not recommended that you use RSA or DSA as the authentication algorithm.

user-identity-key

Specifies the public key algorithm for the client authentication.

The public key algorithm includes dsa, rsa, and ecc. By default, the client authentication uses the RSA public key.

NOTE:

To improve security, it is not recommended that you use RSA or DSA as the authentication algorithm.

prefer_kex prefer_key-exchange

Indicates the preferred key exchange algorithm.

Specifies the preferred key exchange algorithm. The dh_exchange_group, dh_exchange_group_sha256, dh_group14_sha1, dh_group14_sha256, dh_group15_sha512, and dh_group16_sha512 algorithms are supported currently.

The default key exchange algorithm is dh_group14_sha1.

prefer_ctos_cipher prefer_ctos_cipher

Specifies the preferred encryption algorithm from the client to the server. The 3des, aes128, aes256, aes128_ctr, and aes256_ctr algorithms are supported currently.

The default algorithm is aes256_ctr.

To improve security, it is recommended that you use aes128_ctr and aes256_ctr algorithms.

NOTE:
  • If an encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select an encryption algorithm from the list.
  • If no encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select one from 3des, aes128, aes256, aes128_ctr, and aes256_ctr.

prefer_stoc_cipher prefer_stoc_cipher

Specifies the preferred encryption algorithm from the server to the client. The 3des, aes128, aes256, aes128_ctr, and aes256_ctr algorithms are supported currently.

The default algorithm is aes256_ctr.

To improve security, it is recommended that you use aes128_ctr and aes256_ctr algorithms.

NOTE:
  • If an encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select an encryption algorithm from the list.
  • If no encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select one from 3des, aes128, aes256, aes128_ctr, and aes256_ctr.

prefer_ctos_hmac prefer_ctos_hmac

Specifies the preferred HMAC algorithm from the client to the server. The sha1, sha1_96, md5, md5_96, sha2_256, and sha2_256_96 algorithms are supported currently.

The default algorithm is sha2_256.

To improve security, it is recommended that you use sha2_256 and sha2_256_96 algorithms.

prefer_stoc_hmac prefer_ctos_hmac

Specifies the preferred HMAC algorithm from the server to the client. The sha1, sha1_96, md5, md5_96, sha2_256, and sha2_256_96 algorithms are supported currently.

The default algorithm is sha2_256.

To improve security, it is recommended that you use sha2_256 and sha2_256_96 algorithms.

-vpn-instance vpn-instance-name

Specifies the name of the VPN instance to which the server belongs.

The value must be an existing VPN instance name.

-ki aliveinterval

Specifies the interval for sending keepalive packets when no packet is received.

The value is an integer that ranges from 1 to 3600, in seconds.

-kc alivecountmax

Specifies the number of times for no reply of keepalive packets.

The value is an integer that ranges from 3 to 10. The default value is 5.

Views

System view

Default Level

0: Visit level

Usage Guidelines

Usage Scenario

Logins through Telnet bring security risks because Telnet does not provide any authentication mechanism and data is transmitted using TCP in plain text. Compared with Telnet, SSH guarantees secure file transfer on a traditional insecure network by authenticating clients and encrypting data in bidirectional mode. The SSH protocol supports STelnet. You can run this command to use STelnet to log in to another device from the current device.

STelnet is a secure Telnet service. SSH users can use the STelnet service in the same way as the Telnet service.

When a fault occurs in the connection between the client and server, the client needs to detect the fault in real time and proactively release the connection. You need to set the interval for sending keepalive packets and the maximum number of times on the client that logs in to the server through STelnet.

  • Interval for sending keepalive packets: If a client does not receive any packet within the specified interval, the client sends a keepalive packet to the server.
  • Maximum number of times the server has no response: If the number of times that the server does not respond exceeds the specified value, the client proactively releases the connection.

Precautions

  • Before connecting the SSH server using the STelnet command, run the stelnet server enable command to enable the STelnet service on the SSH server.

  • If the server is listening on port 22, the SSH client can log in to the SSH server with no port specified. If the server is listening on another port, the port number must be specified upon login.

Example

# Set keepalive parameters when a client logs in to a server through STelnet.

<HUAWEI> system-view
[HUAWEI] stelnet 10.164.39.209 -ki 10 -kc 4
# Remotely connect to the STelnet server that uses an IPv6 address.
<HUAWEI> system-view
[HUAWEI] stelnet ipv6 fc00:2001:db8::1 prefer_ctos_cipher aes128
Parent Topic: User Login Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >