H3C Technologies H3C WX6000 Series Access Controllers User Manual

64-22

<Switch> system-view

[Switch] public-key local create rsa

[Switch] public-key local create dsa

[Switch] ssh server enable

# Configure an IP address for VLAN interface 1, which the SSH client will use as the destination for SSH
connection.

[Switch] interface vlan-interface 1

[Switch-Vlan-interface1] ip address 10.165.87.136 255.255.255.0

[Switch-Vlan-interface1] quit

# Set the authentication mode for the user interface to AAA.

[Switch] user-interface vty 0 4

[Switch-ui-vty0-4] authentication-mode scheme

# Enable the user interface to support SSH.

[Switch-ui-vty0-4] protocol inbound ssh

# Set the user command privilege level to 3.

[Switch-ui-vty0-4] user privilege level 3

[Switch-ui-vty0-4] quit

Before performing the following tasks, you must generate a DSA public key pair (using the client
software) on the client, save the key pair in a file named key.pub, and then upload the file to the SSH
server through FTP or TFTP. For details, refer to Configuring the SSH Client.

# Import the remote public key pair from the file “key.pub”.

[Switch] public-key peer Switch001 import sshkey key.pub

# Specify the authentication type for user “client002” as publickey, and assign the public key
“Switch001” for the user.

[Switch] ssh user client002 service-type stelnet authentication-type publickey assign

publickey Switch001

2) Configure the SSH client

# Configure an IP address for Vlan interface 1.

<AC> system-view

[AC] interface vlan-interface 1

[AC-Vlan-interface1] ip address 10.165.87.137 255.255.255.0

[AC-Vlan-interface1] quit

# Generate a DSA key pair.

[AC] public-key local create dsa

# Export the DSA key pair to the file key.pub.

[AC] public-key local export dsa ssh2 key.pub

[AC] quit