389
# Create a PKI domain named client256 for verifying the client's certificate ecdsa256 and
import the file of this certificate to this domain. Create a PKI domain named server256 for the
server's certificate ecdsa256 and import the file of this certificate to this domain. (Details not
shown.)
# Create a PKI domain named client384 for verifying the client's certificate ecdsa384 and
import the file of this certificate to this domain. Create a PKI domain named server384 for the
server's certificate ecdsa384 and import the file of this certificate to this domain. (Details not
shown.)
# Specify Suite B algorithms for algorithm negotiation.
<SwitchB> system-view
[SwitchB] ssh2 algorithm key-exchange ecdh-sha2-nistp256 ecdh-sha2-nistp384
[SwitchB] ssh2 algorithm cipher aes128-gcm aes256-gcm
[SwitchB] ssh2 algorithm public-key x509v3-ecdsa-sha2-nistp256
x509v3-ecdsa-sha2-nistp384
# Enable the SCP server.
[SwitchB] scp server enable
# Assign an IP address to VLAN-interface 2.
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] ip address 192.168.0.1 255.255.255.0
[SwitchB-Vlan-interface2] quit
# Set the authentication mode to AAA for user lines.
[SwitchB] line vty 0 63
[SwitchB-line-vty0-63] authentication-mode scheme
[SwitchB-line-vty0-63] quit
# Create a local device management user named client001. Authorize the user to use the SSH
service and assign the network-admin user role to the user.
[SwitchB] local-user client001 class manage
[SwitchB-luser-manage-client001] service-type ssh
[SwitchB-luser-manage-client001] authorization-attribute user-role network-admin
[SwitchB-luser-manage-client001] quit
# Create a local device management user named client002. Authorize the user to use the SSH
service and assign the network-admin user role to the user.
[SwitchB] local-user client002 class manage
[SwitchB-luser-manage-client002] service-type ssh
[SwitchB-luser-manage-client002] authorization-attribute user-role network-admin
[SwitchB-luser-manage-client002] quit
4. Establish an SCP connection to SCP server 192.168.0.1:
ï‚¡ Based on the 128-bit Suite B algorithms:
# Specify server256 as the PKI domain of the server's certificate.
[SwitchB]ssh server pki-domain server256
# Create an SSH user named client001. Specify the authentication method publickey for
the user and specify client256 as the PKI domain for verifying the client's certificate.
[Switch] ssh user client001 service-type scp authentication-type publickey assign
pki-domain client256
# Establish an SCP connection to SCP server 192.168.0.1 based on the 128-bit Suite B
algorithms.
<SwitchA> scp 192.168.0.1 get src.cfg suite-b 128-bit pki-domain client256
server-pki
-domain server256
To Next Page
Loading...
Need help?
General