Network requirements, Configuration procedure – H3C Technologies H3C S5120 Series Switches User Manual

1-14

In the window shown in

Figure 1-2

, click Open. If the connection is normal, you will be prompted to enter

the username and password. After entering the correct username (client001) and password (aabbcc),

you can enter the configuration interface.

When Switch Acts as Server for Publickey Authentication

Network requirements

z

As shown in

Figure 1-3

, a local SSH connection is established between the host (the SSH client)

and the switch (the SSH server) for secure data exchange.

z

Publickey authentication is used, the algorithm is RSA.

Figure 1-3 Switch acts as server for publickey authentication

Configuration procedure

1) Configure the SSH server

# Generate RSA and DSA key pairs and enable SSH server.

system-view

[Switch] public-key local create rsa

[Switch] public-key local create dsa

[Switch] ssh server enable

# Configure an IP address for VLAN interface 1. This address will serve as the destination of the SSH

connection.

[Switch] interface vlan-interface 1

[Switch-Vlan-interface1] ip address 192.168.1.40 255.255.255.0

[Switch-Vlan-interface1] quit

# Set the authentication mode for the user interfaces to AAA.

[Switch] user-interface vty 0 4

[Switch-ui-vty0-4] authentication-mode scheme

# Enable the user interfaces to support SSH.

[Switch-ui-vty0-4] protocol inbound ssh

# Set the user command privilege level to 3.

[Switch-ui-vty0-4] user privilege level 3

[Switch-ui-vty0-4] quit