stelnet
Function
The stelnet command enables you to use the STelnet protocol to log in to another device from the current device.
Format
# IPv4 address
stelnet [ -a source-address ] host-ip [ port-number ] [ [ identity-key { rsa | ecc } ] | [ user-identity-key { rsa | ecc } ] | [ prefer_kex prefer_key-exchange ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] ] * [ -ki aliveinterval [ -kc alivecountmax ] ]
# IPv6 address
stelnet ipv6 [ -a source-address ] host-ipv6 [ -oi interface-type interface-number ] [ port-number ] [ [ identity-key { rsa | ecc } ] | [ user-identity-key { rsa | ecc } ] | [ prefer_kex prefer_key-exchange ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] ] * [ -ki aliveinterval [ -kc alivecountmax ] ]
Parameters
| Parameter | Description | Value |
|---|---|---|
| -a source-address | Specifies the STelnet source IP address. | IPv4: The value is in dotted decimal notation. IPv6: The value is a 32-digit hexadecimal number, in the X:X:X:X:X:X:X:X format. |
| host-ip | Specifies the IP address or host name of the remote IPv4 STelnet server. | The value is a string of 1 to 255 case-insensitive characters without spaces. |
| host-ipv6 | Specifies the IPv6 address or host name of the remote IPv6 STelnet server. | The value is a string of 1 to 255 case-insensitive characters without spaces. |
| -oi interface-type interface-number | Specifies the outbound interface on the local device. | If the IPv6 address of the remote host is linked to a local address, the outbound interface must be specified. |
| port-number | Specifies the port number that the SSH server is listening on. | The value is an integer that ranges from 1 to 65535. The default value 22 is the standard port number. |
| identity-key | Specifies the public key for server authentication. | The public key algorithm includes rsa and ecc. NOTE:
To improve security, it is not recommended that you use RSA
as the authentication algorithm. |
| user-identity-key | Specifies the public key algorithm for the client authentication. | The public key algorithm includes rsa and ecc. NOTE:
To improve security, it is not recommended that you use RSA
as the authentication algorithm. |
| prefer_kex prefer_key-exchange | Specifies the preferred key exchange algorithm. | The dh_group1, dh_exchange_group, and dh_group14_sha1 algorithms are supported currently. The default key exchange algorithm is dh_group14_sha1. NOTE:
The dh_exchange_group algorithm is recommended.
|
| prefer_ctos_cipher prefer_ctos_cipher | Specifies the preferred encryption algorithm from the client to the server. | The 3des, aes256_cbc, aes128_ctr, aes256_ctr, and aes128 algorithms are supported currently. The default algorithm are aes256_ctr and aes128. NOTE:
|
| prefer_stoc_cipher prefer_stoc_cipher | Specifies the preferred encryption algorithm from the server to the client. | The 3des, aes256_cbc, aes128_ctr, aes256_ctr, and aes128 algorithms are supported currently. The default algorithm are aes256_ctr and aes128. NOTE:
|
| prefer_ctos_hmac prefer_ctos_hmac | Specifies the preferred HMAC algorithm from the client to the server. | The sha1, sha1_96, md5, sha2_256, sha2_256_96, and md5_96 algorithms are supported currently. The default algorithm is sha2_256. NOTE:
|
| prefer_stoc_hmac prefer_stoc_hmac | Specifies the preferred HMAC algorithm from the server to the client. | The sha1, sha1_96, md5, sha2_256, sha2_256_96, and md5_96 algorithms are supported currently. The default algorithm is sha2_256. NOTE:
|
| -ki aliveinterval | Specifies the interval for sending keepalive packets when no packet is received. | The value is an integer that ranges from 1 to 3600, in seconds. |
| -kc alivecountmax | Specifies the number of times for no reply of keepalive packets. | The value is an integer that ranges from 3 to 10. The default value is 5. |
Usage Guidelines
Logins through Telnet bring security risks because Telnet does not provide any authentication mechanism and data is transmitted using TCP in plain text. Compared with Telnet, SSH guarantees secure file transfer on a traditional insecure network by authenticating clients and encrypting data in bidirectional mode. The SSH protocol supports STelnet. You can run this command to use STelnet to log in to another device from the current device.
STelnet is a secure Telnet service. SSH users can use the STelnet service in the same way as the Telnet service.
When a fault occurs in the connection between the client and server, the client needs to detect the fault in real time and proactively release the connection. You need to set the interval for sending keepalive packets and the maximum number of times on the client that logs in to the server through STelnet.
- Interval for sending keepalive packets: If a client does not receive any packet within the specified interval, the client sends a keepalive packet to the server.
- Maximum number of times the server has no response: If the number of times that the server does not respond exceeds the specified value, the client proactively releases the connection.
Enable the STelnet service on the SSH server by stelnet server enable command, before connecting the SSH server by using the STelnet command.
The SSH client can log in to the SSH server with no port specified only when the server is listening on port 22. If the server is listening on another port, the port number must be specified upon login.
- To improve data transmission security, AES128 or a more secure algorithm is recommended.
If multiple APs use the same IP address, you cannot log in to an AP using its IP address using the stelnet command. In this case, you can run the stelnet ap command to log in to an AP using the AP ID or name.
Example
# Set keepalive parameters when the client logs in to the server through STelnet.
<AC6605> system-view
[AC6605] stelnet 10.164.39.209 -ki 10 -kc 4
<AC6605> system-view
[AC6605] stelnet ipv6 fe80::100 prefer_ctos_cipher aes128
