Ssh server configuration examples, Network requirements, Configuration procedure – H3C Technologies H3C S5120 Series Switches User Manual

1-12

For information about the display public-key local and display public-key peer commands, refer to

Public Key Commands.

SSH Server Configuration Examples

When Switch Acts as Server for Password Authentication

Network requirements

z

As shown in

Figure 1-1

, a local SSH connection is established between the host (the SSH client)

and the switch (the SSH server) for secure data exchange.

z

Password authentication is required. The username and password are saved on the switch.

Figure 1-1 Switch acts as server for password authentication

SSH client

SSH server

Host

Switch

192.168.0.2/24

Vlan-int1

192.168.0.1/24

Configuration procedure

1) Configure the SSH server

# Generate RSA and DSA key pairs and enable the SSH server.

system-view

[Switch] public-key local create rsa

[Switch] public-key local create dsa

[Switch] ssh server enable

# Configure an IP address for VLAN interface 1. This address will serve as the destination of the SSH

connection.

[Switch] interface vlan-interface 1

[Switch-Vlan-interface1] ip address 192.168.1.40 255.255.255.0

[Switch-Vlan-interface1] quit

# Set the authentication mode for the user interfaces to AAA.

[Switch] user-interface vty 0 4

[Switch-ui-vty0-4] authentication-mode scheme

# Enable the user interfaces to support SSH.

[Switch-ui-vty0-4] protocol inbound ssh

[Switch-ui-vty0-4] quit

# Create local user client001, and set the user command privilege level to 3

[Switch] local-user client001