Configuring a client public key – H3C Technologies H3C S5120 Series Switches User Manual

1-6

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter user interface view of one
or more user interfaces

user-interface vty number
[ ending-number ]

—

Set the login authentication
mode to scheme

authentication-mode scheme

Required

By default, the authentication
mode is password.

Configure the user interface(s)
to support SSH login

protocol inbound { all | ssh }

Optional

All protocols are supported by
default.

z

For detailed information about the authentication-mode and protocol inbound commands, refer

to Login Commands.

z

If you configure a user interface to support SSH, be sure to configure the corresponding

authentication method with the authentication-mode scheme command.

z

For a user interface configured to support SSH, you cannot change the authentication mode. To

change the authentication mode, undo the SSH support configuration first.

Configuring a Client Public Key

This configuration task is only necessary for SSH users using publickey authentication.

For each SSH user that uses publickey authentication to login, you must configure the client’s DSA or

RSA host public key on the server, and configure the client to use the corresponding private key.

To configure the public key of an SSH client, you can:

z

Configure it manually: You can input or copy the public key to the local host. The copied public key

must have not been converted and be in the distinguished encoding rules (DER) encoding format.

z

Import it from the public key file: During the import process, the system will automatically convert

the public key to a string coded using the Public Key Cryptography Standards (PKCS). Before

importing the public key, you must upload the public key file (in binary) to the local host through

FTP or TFTP.