SSH Server Configuration Examples
When Using Publickey Authentication
Network requirements
■ As shown in Figure 333, a local SSH connection is established between the
host (SSH client) and the switch (SSH server) for secure data exchange.
■ Publickey authentication is used, with RSA as the algorithm.
Network diagram
Figure 333 Network diagram of SSH server configuration (using publickey authentication)
Configuration procedure
1 Configure the SSH server
# Generate RSA and DSA key pairs and enable the SSH server.
<Switch> system-view
[Switch] public-key local create rsa
[Switch] public-key local create dsa
[Switch] ssh server enable
# Configure an IP address for VLAN interface 1. The SSH client uses this address
as the destination when connecting to the server.
[Switch] interface vlan-interface 1
[Switch-Vlan-interface1] ip address 192.168.1.40 255.255.255.0
[Switch-Vlan-interface1] quit
# Set the authentication mode for the user interface to AAA.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
# Enable the user interface to support SSH.
[Switch-ui-vty0-4] protocol inbound ssh
# Set the user command privilege level to 3.
[Switch-ui-vty0-4] user privilege level 3
[Switch-ui-vty0-4] quit
Note: Before performing the following tasks, you must generate an RSA key pair
(using the client software) on the client, save the public key in a file named key.pub,
and then upload the file to the SSH server through FTP or TFTP. For details, refer to
“Configuring the Device as an SSH Client” on page 1115.
# Import the client’s public key from file “key.pub”.
[Switch] public-key peer Switch001 import sshkey key.pub
# Specify the authentication type for user “client002” as publickey, and assign the
public key “Switch001” for the user.
[Switch] ssh user client002 service-type stelnet authentication-type publickey assign publickey Switch001
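A check for the server-side settings from step 1, as an added example that is not part of the original manual: it reads configuration text and reports any vty user interface that is not set to authentication-mode scheme and protocol inbound ssh, and any SSH user that is not bound to an imported public key. The function name audit, the one-space indentation of view-level commands and the sample text are assumptions made for the example.

```python
import re

# Values this page configures on the vty user interface.
EXPECTED_VTY = {"authentication-mode": "scheme", "protocol inbound": "ssh"}
SSH_USER = re.compile(r"ssh user (\S+) .*?authentication-type (\S+)(?: assign publickey (\S+))?")

# Constructed sample (not from the page): view-level commands are indented one space.
SAMPLE_CONFIG = """\
user-interface vty 0 3
 authentication-mode scheme
 protocol inbound ssh
user-interface vty 4
 authentication-mode password
 protocol inbound telnet
public-key peer Switch001 import sshkey key.pub
ssh user client002 service-type stelnet authentication-type publickey assign publickey Switch001
ssh user client003 service-type stelnet authentication-type password
ssh user client004 service-type stelnet authentication-type publickey assign publickey Switch009
"""

def audit(config):
    """Return findings; an empty list means the text matches the page's settings."""
    findings, blocks, current = [], {}, None
    peers = set(re.findall(r"^public-key peer (\S+)", config, re.M))
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] != " ":  # top-level command closes any open vty view
            current = line if line.startswith("user-interface vty") else None
            if current:
                blocks[current] = {}
        elif current:  # indented line belongs to the open vty view
            for key in EXPECTED_VTY:
                if line.startswith(key + " "):
                    blocks[current][key] = line[len(key) + 1:]
        m = SSH_USER.match(line)
        if m:
            user, auth, peer = m.groups()
            if auth != "publickey":
                findings.append(f"ssh user {user}: authentication-type {auth}, expected publickey")
            elif peer not in peers:
                findings.append(f"ssh user {user}: public key {peer or '(none)'} is not a configured peer")
    for header, got in blocks.items():
        for key, want in EXPECTED_VTY.items():
            if got.get(key) != want:
                findings.append(f"{header}: {key} is {got.get(key, 'not set')}, expected {want}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```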
2 Configure the SSH client
# Generate an RSA key pair
[Figure 333: Host (SSH client, 192.168.1.56/24) connected to Switch (SSH server, Vlan-int1 192.168.1.40/24)]