162• Password-publickey authentication—The server requires SSH2 clients to pass both passwordauthentication and publickey authentication. However, an SSH1 client only needs to pass eitherauthentication, regardless of the requirement of the server.• Any authentication—The server requires clients to pass either password authentication or publickeyauthentication.FIPS complianceThe device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,commands, and parameters might differ in FIPS mode (see "Configuring FIPS") and non-FIPS mode.Configuring the device as an SSH serverYou can configure the device as an Stelnet, SFTP, or SCP server. Because the configuration proceduresare similar, the SSH server represents the Stelnet, SFTP, or SCP server unless otherwise specified. SSHserver configuration task listTasks at a glance Remarks(Required.) Generating local DSA or RSA key pairs N/A(Required.) Enabling the SSH server function Required for Stelnet and SCP servers.(Required.) Enabling the SFTP server function Required for SFTP server.(Required.) Configuring the user interfaces for Stelnetclients N/A(Required.) Configuring a client's host public key Required if the authentication method is publickey,password-publickey, or any.Configuring the PKI domain for verifying the clientcertificateSee "Configuring PKI."Required if publickey authentication is configuredfor users and if the clients send the public keys tothe server through digital certificates for validitycheck.The PKI domain must have the CA certificate toverify the client certificate.(Required/optional.) Configuring an SSH userRequired if the authentication method is publickey,password-publickey, or any.Optional if the authentication method is password.(Optional.) Setting the SSH management parameters N/AGenerating local DSA or RSA key pairsIMPORTANT:Do not generate the local DSA key pair when the device operates in FIPS mode as an SSH server. Userauthentication will fail because the SSH server operating in FIPS mode supports only RSA key pairs.