When using publickey authentication, Network requirements, Network diagram – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 620: Configuration procedure


When Using Publickey Authentication

Network requirements

• As shown in Figure 64-4, a local SSH connection is established between the host (SSH client) and AC (SSH server) for secure data exchange.

• Publickey authentication is used, and the algorithm is RSA.

Network diagram

Figure 64-4 Network diagram of SSH server configuration (using publickey authentication)

Configuration procedure

1) Configure the SSH server

# Generate RSA and DSA key pairs and enable SSH server.

<AC> system-view

[AC] public-key local create rsa

[AC] public-key local create dsa

[AC] ssh server enable

# Configure an IP address for VLAN interface 1. The SSH client uses this address as the destination when connecting to the server.

[AC] interface vlan-interface 1

[AC-Vlan-interface1] ip address 192.168.1.40 255.255.255.0

[AC-Vlan-interface1] quit

# Set the authentication mode for the user interface to AAA.

[AC] user-interface vty 0 4

[AC-ui-vty0-4] authentication-mode scheme

# Enable the user interface to support SSH.

[AC-ui-vty0-4] protocol inbound ssh

# Set the user command privilege level to 3.

[AC-ui-vty0-4] user privilege level 3

[AC-ui-vty0-4] quit

Before performing the following tasks, you must generate an RSA public key pair (using the client
software) on the client, save the key pair in a file named key.pub, and then upload the file to the SSH
server through FTP or TFTP. For details, refer to Configuring the SSH Client.

# Import the client’s public key from file “key.pub”.

[AC] public-key peer AC001 import sshkey key.pub
