H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 321
307
# Configure an IP address for VLAN-interface 2.
<AC> system-view
[AC] interface vlan-interface 2
[AC-Vlan-interface2] ip address 10.165.87.137 255.255.255.0
[AC-Vlan-interface2] quit
# Generate RSA key pairs.
[AC] public-key local create rsa
# Export the host public key to the file key.pub.
[AC] public-key local export rsa ssh2 key.pub
[AC] quit
# Transmit the saved public key file to the server through FTP or TFTP. (Details not shown.)
2.
Configure the SSH server:
# Generate RSA key pairs and enable SSH server.
<Switch> system-view
[Switch] public-key local create rsa
[Switch] ssh server enable
# Configure an IP address for VLAN-interface 2, which the SSH client will use as the destination for
SSH connection.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 10.165.87.136 255.255.255.0
[Switch-Vlan-interface2] quit
# Set the authentication mode for the user interfaces to AAA.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
# Enable the user interfaces to support SSH.
[Switch-ui-vty0-4] protocol inbound ssh
# Set the user command privilege level to 3.
[Switch-ui-vty0-4] user privilege level 3
[Switch-ui-vty0-4] quit
# Import the peer public key from the file key.pub.
[Switch] public-key peer key001 import sshkey key.pub
# Specify the authentication type for user client002 as publickey, and assign the public key
key001 to the user.
[Switch] ssh user client002 service-type stelnet authentication-type publickey assign
publickey key001
3.
Establish an SSH connection to the server 192.168.1.40.
<AC> ssh2 192.168.1.40
Username: client002
Trying 192.168.1.40 ...
Press CTRL+K to abort
Connected to 192.168.1.40 ...
The Server is not authenticated. Continue? [Y/N]:y
Do you want to save the server public key? [Y/N]:n
**************************************************************************