I. network requirements – H3C Technologies H3C S3100 Series Switches User Manual
Page 507
Operation Manual – SSH Terminal Service
H3C S3100-52P Ethernet Switch
Chapter 1 SSH Terminal Service
1-21
Note:
You can use the default SSH authentication timeout time and authentication retry times.
After the above settings, run the SSH2.0-supported client software on a host connected
to the switch, and log into the switch with the username client001 and password "abc".
z
RSA public key authentication
# Set AAA authentication on the user interfaces.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
# Set the user interfaces to support SSH.
[H3C-ui-vty0-4] protocol inbound ssh
# Set login protocol to SSH and authentication type to RSA for user client002.
[H3C] ssh user client002 authentication-type rsa
# On the SSH2.0 client, make the client software generate a random RSA key pair, and
transfer the public key in the pair from the client to the server.
# Configure the client public key on the server, with a key name of H3C002.
[H3C] rsa peer-public-key H3C002
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key] peer-public-key end
[H3C] ssh user client002 assign rsa-key H3C002
# Make corresponding configuration on the host keeping the RSA private key and start
the SSH client software to establish an SSH connection.
1.1.7 Configuring the Device as an SSH Client Configuration Example
I. Network requirements
As shown in Figure 1-13:
z
Switch A serves as an SSH client, with a user name of client003.
z
Switch B serves as an SSH server, with an IP address of 10.165.87.136.