Ipsec configuration examples, Sftp configuration examples – H3C Technologies H3C S12500-X Series Switches User Manual

197

# Create an SSH user client002 with the authentication method publickey, and assign the public

key switchkey to the user.

[SwitchB] ssh user client002 service-type stelnet authentication-type publickey

assign publickey switchkey

# Create a local device management user client002 with the service type ssh and the user role
network-admin.

[SwitchB] local-user client002 class manage

[SwitchB-luser-manage-client002] service-type ssh

[SwitchB-luser-manage-client002] authorization-attribute user-role network-admin

[SwitchB-luser-manage-client002] quit

3.

Establish an SSH connection to the Stelnet server 192.168.1.40.

ssh2 192.168.1.40

Username: client002

The server is not authenticated. Continue? [Y/N]:y

Do you want to save the server public key? [Y/N]:n

You can log in to Router B successfully for the first time without configuring its host public key,
because the client supports the first authentication by default.

123B

SFTP configuration examples

Unless otherwise noted, devices in the configuration examples are in non-FIPS mode.
If you configure an SFTP server in FIPS mode, follow these guidelines:

•

The modulus length of the key pair must be 2048 bits.

•

Do not generate a DSA key pair on the SFTP server. Only RSA key pairs are supported.

285B

Password authentication enabled SFTP server configuration
example

504B

Network requirements

As shown in

902H

Figure 59

, you can log in to the switch through the SFTP client that runs on the host and are

assigned the user role network-admin to execute file management and transfer operations. The switch

acts as the SFTP server and uses password authentication. The username and password of the client are

saved on the switch.

Figure 59 Network diagram

505B

Configuration procedure

1.

Configure the SFTP server:
# Generate the RSA key pairs.

system-view