H3C Technologies H3C SecPath F1000-E User Manual

167

Likewise, to save the private key, click Save private key. A warning window pops up to prompt

you whether to save the private key without any protection. Click Yes and enter the name of the file
for saving the key (private.ppk in this case).
Then, you need to transmit the public key file to the server through FTP or TFTP.

2.

Configure the SSH server
# Generate RSA and DSA key pairs and enable SSH server.

<SecPath> system-view

[SecPath] public-key local create rsa

[SecPath] public-key local create dsa

[SecPath] ssh server enable

# Configure an IP address for interface GigabitEthernet 0/1, which the SSH client will use as the
destination for SSH connection.

[SecPath] interface GigabitEthernet 0/1

[SecPath-GigabitEthernet0/1] ip address 192.168.1.40 255.255.255.0

[SecPath-GigabitEthernet0/1] quit

# Set the authentication mode for the user interfaces to AAA.

[SecPath] user-interface vty 0 4

[SecPath-ui-vty0-4] authentication-mode scheme

# Enable the user interfaces to support SSH.

[SecPath-ui-vty0-4] protocol inbound ssh

# Set the user command privilege level to 3.

[SecPath-ui-vty0-4] user privilege level 3

[SecPath-ui-vty0-4] quit

# Import the client's public key from file key.pub and name it SecPath001.

[SecPath] public-key peer SecPath001 import sshkey key.pub

# Specify the authentication method for user client002 as publickey, and assign the public key
SecPath001 to the user.

[SecPath] ssh user client002 service-type stelnet authentication-type publickey

assign publickey SecPath001

3.

Establish a connection between the SSH client and the SSH server.
# Specify the private key file and establish a connection to the SSH server
Launch PuTTY.exe to enter the following interface. In the Host Name (or IP address) field, enter the
IP address of the server (192.168.1.40).