H3C Technologies H3C S3600 Series Switches User Manual

In public key authentication, you can use either an RSA or a DSA public key. This example uses a DSA public key.

Configure Switch B

# Create a VLAN interface on the switch and assign it an IP address, which the SSH client will use as the destination for the SSH connection.

<SwitchB> system-view

[SwitchB] interface vlan-interface 1

[SwitchB-Vlan-interface1] ip address 10.165.87.136 255.255.255.0

[SwitchB-Vlan-interface1] quit

Generating the RSA and DSA key pairs on the server is a prerequisite to SSH login.

# Generate RSA and DSA key pairs.

[SwitchB] public-key local create rsa

[SwitchB] public-key local create dsa

# Set the authentication mode for the user interfaces to AAA.

[SwitchB] user-interface vty 0 4

[SwitchB-ui-vty0-4] authentication-mode scheme

# Enable the user interfaces to support SSH.

[SwitchB-ui-vty0-4] protocol inbound ssh

# Set the user command privilege level to 3.

[SwitchB-ui-vty0-4] user privilege level 3

[SwitchB-ui-vty0-4] quit

# Specify the authentication type of user client001 as publickey.

[SwitchB] ssh user client001 authentication-type publickey

Before doing the following steps, you must first generate a DSA public key pair on the client, save the key pair in a file named Switch001, and then upload the file to the SSH server through FTP or TFTP. For details, refer to “Configure Switch A”.

# Import the client public key pair named Switch001 from the file Switch001.

[SwitchB] public-key peer Switch001 import sshkey Switch001
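
An added example, not part of the H3C manual: a small Python check that a saved configuration contains the SSH server settings configured in the steps above. The sample configuration is constructed from this page's commands, and its layout (a section header followed by indented lines) is an assumption.

```python
import re

# Constructed sample: the commands from this page laid out as a saved
# configuration (section header followed by indented lines is an assumption).
SAMPLE_CONFIG = """\
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
 user privilege level 3
ssh user client001 authentication-type publickey
public-key peer Switch001 import sshkey Switch001
"""

def audit_ssh_config(text):
    """Return a list of findings; an empty list means every check passed."""
    findings, vty, section = [], {}, ""
    ssh_users, peers = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():          # top-level line starts a new section
            section = line
            if section.startswith("user-interface vty"):
                vty.setdefault(section, [])
            m = re.match(r"ssh user (\S+) authentication-type (\S+)$", line)
            if m:
                ssh_users[m.group(1)] = m.group(2)
            m = re.match(r"public-key peer (\S+)", line)
            if m:
                peers.add(m.group(1))
        elif section.startswith("user-interface vty"):
            vty[section].append(line)     # setting inside a vty section
    if not vty:
        findings.append("no user-interface vty section found")
    for name, lines in vty.items():
        if "authentication-mode scheme" not in lines:
            findings.append(f"{name}: authentication-mode is not scheme")
        if "protocol inbound ssh" not in lines:
            findings.append(f"{name}: inbound protocol is not restricted to ssh")
    for user, auth in ssh_users.items():
        if auth != "publickey":
            findings.append(f"ssh user {user}: authentication-type is {auth}")
    if ssh_users and not peers:
        findings.append("no client public key imported (public-key peer)")
    return findings

if __name__ == "__main__":
    print(audit_ssh_config(SAMPLE_CONFIG) or "all checks passed")
```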