Operation Manual – SSH
H3C S3100 Series Ethernet Switches Chapter 1 SSH Configuration
1-49
1.7.7 When Switch Acts as Client and First-Time Authentication is not
Supported
I. Network requirements
As shown in Figure 1-31, establish an SSH connection between Switch A (SSH Client)
and Switch B (SSH Server) for secure data exchange. The user name is client001 and
the SSH server’s IP address is 10.165.87.136. The publickey authentication mode is
used to enhance security.
II. Network diagram
Figure 1-31 Switch acts as client and first-time authentication is not supported
III. Configuration procedure
z Configure Switch B
# Create a VLAN interface on the switch and assign an IP address for it to serve as the
destination of the client.
<SwitchB> system-view
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ip address 10.165.87.136 255.255.255.0
[SwitchB-Vlan-interface1] quit
 Note:
Generating the RSA and DSA key pairs on the server is prerequisite to SSH login.
# Generate RSA and DSA key pairs.
[SwitchB] public-key local create rsa
[SwitchB] public-key local create dsa
# Set AAA authentication on user interfaces.
[SwitchB] user-interface vty 0 4
[SwitchB-ui-vty0-4] authentication-mode scheme
# Configure the user interfaces to support SSH.
[SwitchB-ui-vty0-4] protocol inbound ssh
# Set the user command privilege level to 3.
To Next Page
Loading...
Need help?
General