H3C Technologies H3C WX3000 Series Unified Switches User Manual

46-21

Figure 47-12

Network diagram of SSH server configuration using password authentication

Switch

SSH Client

192 .168 .0 .2/24

VLAN-Interface 1

192.168.0.1/24

Configuration procedure

z

Configure the SSH server

# Create a VLAN interface on the device and assign an IP address, which the SSH client will use as the
destination for SSH connection.

<device> system-view

[device] interface vlan-interface 1

[device-Vlan-interface1] ip address 192.168.0.1 255.255.255.0

[device-Vlan-interface1] quit

# Generate RSA and DSA key pairs.

[device] public-key local create rsa

[device] public-key local create dsa

# Set the authentication mode for the user interfaces to AAA.

[device] user-interface vty 0 4

[device-ui-vty0-4] authentication-mode scheme

# Enable the user interfaces to support SSH.

[device-ui-vty0-4] protocol inbound ssh

[device-ui-vty0-4] quit

# Create local client “client001”, and set the authentication password to “abc”, protocol type to SSH, and
command privilege level to 3 for the client.

[device] local-user client001

[device-luser-client001] password simple abc

[device-luser-client001] service-type ssh level 3

[device-luser-client001] quit

# Specify the authentication method of user client001 as password.

[device] ssh user client001 authentication-type password

z

Configure the SSH client

# Configure an IP address (192.168.0.2 in this case) for the SSH client. This IP address and that of the
VLAN interface on the device must be in the same network segment.

# Configure the SSH client software to establish a connection to the SSH server.

Take SSH client software “Putty” (version 0.58) as an example:

1) Run PuTTY.exe to enter the following configuration interface.