H3C Technologies H3C WX3000 Series Unified Switches User Manual

46-34

When first-time authentication is not supported, you must first generate a DSA key pair on the server
and save the key pair in a file named Switch002, and then upload the file to the SSH client through FTP
or TFTP.

z

Configure Switch A

# Create a VLAN interface on the device and assign an IP address, which serves as the SSH client’s
address in an SSH connection.

<device> system-view

[device] interface vlan-interface 1

[device-Vlan-interface1] ip address 10.165.87.137 255.255.255.0

[device-Vlan-interface1] quit

# Generate a DSA key pair

[device] public-key local create dsa

# Export the generated DSA key pair to a file named Switch001.

[device] public-key local export dsa ssh2 Switch001

After generating the key pair, you need to upload the key pair file to the server through FTP or TFTP and
complete the server end configuration before you continue to configure the client.

# Disable first-time authentication on the device.

[device] undo ssh client first-time

When first-time authentication is not supported, you must first generate a DSA key pair on the server
and save the key pair in a file named Switch002, and then upload the file to the SSH client through FTP
or TFTP. For details, refer to the above part “Configure Switch B”.

# Import the public key pair named Switch002 from the file Switch002.

[device] public-key peer Switch002 import sshkey Switch002

# Specify the host public key pair name of the server.

[device] ssh client 10.165.87.136 assign rsa-key Switch002

# Establish the SSH connection to server 10.165.87.136.

[device] ssh2 10.165.87.136 identity-key dsa

Username: client001

Trying 10.165.87.136 ...

Press CTRL+K to abort