Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 76
20
Configuration procedure
Step1
Configure the SSH server
# Create RSA and DSA key pairs and enable the SSH server.
[DeviceB] public-key local create rsa
[DeviceB] public-key local create dsa
[DeviceB] ssh server enable
# Configure an IP address for interface GigabitEthernet 0/1, which the SSH client will use as the
destination for SSH connection.
[DeviceB] interface gigabitethernet 0/1
[DeviceB-GigabitEthernet0/1] ip address 10.165.87.136 255.255.255.0
[DeviceB-GigabitEthernet0/1] quit
# Set the authentication mode for the user interfaces to AAA.
[DeviceB] user-interface vty 0 4
[DeviceB-ui-vty0-4] authentication-mode scheme
# Enable the user interfaces to support SSH.
[DeviceB-ui-vty0-4] protocol inbound ssh
[DeviceB-ui-vty0-4] quit
# Create local user client001.
[DeviceB] local-user client001
[DeviceB-luser-client001] password simple aabbcc
[DeviceB-luser-client001] service-type ssh
[DeviceB-luser-client001] authorization-attribute level 3
[DeviceB-luser-client001] quit
# Specify the service type for user client001 as Stelnet, and the authentication method as password.
This step is optional.
[DeviceB] ssh user client001 service-type stelnet authentication-type password
Step2
Establish a connection between the SSH client and the SSH server
# Configure an IP address for interface GigabitEthernet 0/1.
[DeviceA] interface gigabitethernet 0/1
[DeviceA-GigabitEthernet0/1] ip address 10.165.87.137 255.255.255.0
[DeviceA-GigabitEthernet0/1] quit
[DeviceA] quit
•
If the client supports first-time authentication, you can directly establish a connection from the client
to the server.
# Establish an SSH connection to server 10.165.87.136.
Username: client001
Trying 10.165.87.136 ...
Press CTRL+K to abort
Connected to 10.165.87.136 ...
The Server is not authenticated. Continue? [Y/N]:y