Network requirements, Configuration procedure – H3C Technologies H3C S5120 Series Switches User Manual


When Switch Acts as Client for Publickey Authentication

Network requirements

- As shown in Figure 1-11, Switch A (the SSH client) needs to log into Switch B (the SSH server) through the SSH protocol.

- Publickey authentication is used, and the public key algorithm is DSA.

Figure 1-11 Switch acts as client for publickey authentication

Configuration procedure

1) Configure the SSH server

# Generate RSA and DSA key pairs and enable SSH server.

<SwitchB> system-view

[SwitchB] public-key local create rsa

[SwitchB] public-key local create dsa

[SwitchB] ssh server enable

# Configure an IP address for VLAN interface 1, which the SSH client will use as the destination for SSH connection.

[SwitchB] interface vlan-interface 1

[SwitchB-Vlan-interface1] ip address 10.165.87.136 255.255.255.0

[SwitchB-Vlan-interface1] quit

# Set the authentication mode for the user interfaces to AAA.

[SwitchB] user-interface vty 0 4

[SwitchB-ui-vty0-4] authentication-mode scheme

# Enable the user interfaces to support SSH.

[SwitchB-ui-vty0-4] protocol inbound ssh

# Set the user command privilege level to 3.

[SwitchB-ui-vty0-4] user privilege level 3

[SwitchB-ui-vty0-4] quit

Before performing the following tasks, you must use the client software to generate an RSA key pair on the client, save the public key in a file named key.pub, and then upload the file to the SSH server through FTP or TFTP. For details, refer to Configure the SSH client below.

# Import the peer public key from the file key.pub.

[SwitchB] public-key peer Switch001 import sshkey key.pub
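
FTP and TFTP do not protect the file in transit, so before importing it is worth confirming that the key.pub that reached the server is the one the client generated. The following is an added example, not part of the H3C manual: it parses a public key line and returns its algorithm, modulus size and SHA-256 fingerprint so the values can be compared on both ends. It assumes key.pub is in the one-line OpenSSH format `<algorithm> <base64> [comment]`; `inspect_pubkey` and `make_sample` are hypothetical names, and the sample key is constructed from placeholder integers.

```python
import base64, hashlib, struct

def _read_string(buf, off):
    """Read one length-prefixed field (RFC 4253 'string'); return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_pubkey(line):
    """Return (algorithm, modulus bits, SHA256 fingerprint) for a one-line public key."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<algorithm> <base64> [comment]'")
    declared = parts[0]
    blob = base64.b64decode(parts[1], validate=True)
    name, off = _read_string(blob, 0)
    if name != declared.encode():
        raise ValueError("algorithm inside blob differs from declared algorithm")
    counts = {"ssh-dss": 4, "ssh-rsa": 2}  # ssh-dss: p, q, g, y; ssh-rsa: e, n
    if declared not in counts:
        raise ValueError("unexpected algorithm: " + declared)
    fields = []
    while off < len(blob):
        raw, off = _read_string(blob, off)
        fields.append(int.from_bytes(raw, "big"))
    if len(fields) != counts[declared]:
        raise ValueError("wrong number of key fields")
    modulus = fields[0] if declared == "ssh-dss" else fields[1]
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return declared, modulus.bit_length(), fp

def make_sample(p_bits=1024):
    """Constructed ssh-dss line: placeholder integers, correct layout, not a usable key."""
    body = struct.pack(">I", 7) + b"ssh-dss"
    for v in ((1 << (p_bits - 1)) | 1, (1 << 159) | 1, 2, 3):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading zero keeps mpint positive
        body += struct.pack(">I", len(raw)) + raw
    return "ssh-dss " + base64.b64encode(body).decode() + " constructed-sample"

if __name__ == "__main__":
    before = inspect_pubkey(make_sample())  # computed on the client before upload
    after = inspect_pubkey(make_sample())   # recomputed from the copy on the server side
    print(before, "match" if before == after else "MISMATCH")
```

Run it against the file on the client and against the copy retrieved from the server; any difference in the returned tuple, or a parse error, means the uploaded file should not be imported.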
