H3C Technologies H3C S5120 Series Switches User Manual

1-19

[SwitchB] public-key local create dsa

[SwitchB] ssh server enable

# Create an IP address for VLAN interface 1, which the SSH client will use as the destination for SSH

connection.

[SwitchB] interface vlan-interface 1

[SwitchB-Vlan-interface1] ip address 10.165.87.136 255.255.255.0

[SwitchB-Vlan-interface1] quit

# Set the authentication mode for the user interfaces to AAA.

[SwitchB] user-interface vty 0 4

[SwitchB-ui-vty0-4] authentication-mode scheme

# Enable the user interfaces to support SSH.

[SwitchB-ui-vty0-4] protocol inbound ssh

[SwitchB-ui-vty0-4] quit

# Create local user client001.

[SwitchB] local-user client001

[SwitchB-luser-client001] password simple aabbcc

[SwitchB-luser-client001] service-type ssh

[SwitchB-luser-client001] authorization-attribute level 3

[SwitchB-luser-client001] quit

# Specify the service type for user client001 as Stelnet, and the authentication type as password. This

step is optional.

[SwitchB] ssh user client001 service-type stelnet authentication-type password

2) Configure the SSH client

# Configure an IP address for VLAN interface 1.

system-view

[SwitchA] interface vlan-interface 1

[SwitchA-Vlan-interface1] ip address 10.165.87.137 255.255.255.0

[SwitchA-Vlan-interface1] quit

[SwitchA] quit

z

If the client support first-time authentication, you can directly establish a connection from the client

to the server.

# Establish an SSH connection to server 10.165.87.136.

ssh2 10.165.87.136

Username: client001

Trying 10.165.87.136 ...

Press CTRL+K to abort

Connected to 10.165.87.136 ...

The Server is not authenticated. Continue? [Y/N]:y

Do you want to save the server public key? [Y/N]:n

Enter password:

After you enter the correct username, you can log into Switch B successfully.