Network diagram, Configuration procedure – H3C Technologies H3C S3100 Series Switches User Manual

1-22

Network diagram

Figure 1-10 Switch acts as server for local password authentication

Configuration procedure

z

Configure the SSH server

# Create a VLAN interface on the switch and assign an IP address, which the SSH client will use as the

destination for SSH connection.

system-view

[Switch] interface vlan-interface 1

[Switch-Vlan-interface1] ip address 192.168.0.1 255.255.255.0

[Switch-Vlan-interface1] quit

Generating the RSA and DSA key pairs on the server is prerequisite to SSH login.

# Generate RSA and DSA key pairs.

[Switch] public-key local create rsa

[Switch] public-key local create dsa

# Set the authentication mode for the user interfaces to AAA.

[Switch] user-interface vty 0 4

[Switch-ui-vty0-4] authentication-mode scheme

# Enable the user interfaces to support SSH.

[Switch-ui-vty0-4] protocol inbound ssh

[Switch-ui-vty0-4] quit

# Create local client client001, and set the authentication password to abc, protocol type to SSH, and

command privilege level to 3 for the client.

[Switch] local-user client001

[Switch-luser-client001] password simple abc

[Switch-luser-client001] service-type ssh level 3

[Switch-luser-client001] quit

# Specify the authentication method of user client001 as password.

[Switch] ssh user client001 authentication-type password

z

Configure the SSH client

# Configure an IP address (192.168.0.2 in this case) for the SSH client. This IP address and that of the

VLAN interface on the switch must be in the same network segment.