Figure 8-14 Networking diagram of authenticating the SSH through RADIUS
[Diagram: SSH Client, SSH Server and RADIUS Server. Interface and address labels shown: GE1/0/0 10.164.39.222/24, GE1/0/0 10.164.39.221/24, 10.164.6.49/24.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the RADIUS template on the SSH server.
2. Configure a domain on the SSH server.
3. Create a user on the RADIUS server.
4. Generate the local key pair on the STelnet client and the SSH server respectively.
5. Generate the local key pair on the client and the SSH server.
6. Generate the RSA public key on the SSH server and bind the RSA public key of the SSH client to ssh2@ssh.com.
7. Enable the STelnet and SFTP services on the SSH server.
8. Configure the service mode and authorization directory of the SSH user.
9. Users ssh1@ssh.com and ssh2@ssh.com log in to the SSH server through STelnet and SFTP respectively.
Data Preparation
To complete the configuration, you need the following data:
● Configure the password authentication for the two SSH users.
● RADIUS authentication
● Name of the RADIUS template
● Name of the RADIUS domain
● Name and password of the RADIUS user
Procedure
Step 1 Generate a local key pair on the SSH server.
<Huawei> system-view
[Huawei] rsa local-key-pair create
The key name will be: Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]: 768
Generating keys...
.......++++++++++++
..........++++++++++++
...................................++++++++
......++++++++
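The modulus entered at the prompt above fixes the strength of the SSH host key, and RSA moduli below 2048 bits are no longer considered adequate. The following check is an added example, not part of the original guide or of any Huawei tool: it reads an OpenSSH-format "ssh-rsa" public key line (as found in known_hosts or authorized_keys) and reports the modulus size. MIN_RSA_BITS and all function names are assumptions, and the sample keys are constructed bit patterns, not real keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed policy floor; the prompt above accepts 512 to 2048

def _read_string(blob, offset):
    """Read one SSH wire 'string': 4-byte big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[offset + 4:end], end

def rsa_modulus_bits(pubkey_line):
    """Return the RSA modulus size in bits from a '[host] ssh-rsa AAAA...' line."""
    fields = pubkey_line.split()
    if "ssh-rsa" not in fields[:-1]:
        raise ValueError("no ssh-rsa key on this line")
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1], validate=True)
    key_type, off = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside the blob does not match")
    _exponent, off = _read_string(blob, off)  # mpint e
    modulus, off = _read_string(blob, off)    # mpint n
    return int.from_bytes(modulus, "big").bit_length()

def audit(pubkey_line, minimum=MIN_RSA_BITS):
    """Return (bits, meets_policy) for one public key line."""
    bits = rsa_modulus_bits(pubkey_line)
    return bits, bits >= minimum

def make_sample_line(bits):
    """Build a CONSTRUCTED ssh-rsa line; only the modulus length is meaningful."""
    def mpint(n):
        # One extra byte when the top bit would be set keeps the mpint positive.
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    n = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    for size in (768, 2048):  # 768 is the value typed in Step 1
        bits, ok = audit(make_sample_line(size))
        print(f"{bits}-bit RSA host key: {'ok' if ok else 'below policy minimum'}")
```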
Huawei AR2200 Series Enterprise Routers
Configuration Guide - Basic Configuration 8 Accessing Another Device
Issue 02 (2011-10-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.