Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 78
22
After you enter the correct username and password, you can log into Device B successfully.
When Device Acts as Client for Publickey Authentication
Network requirements
•
As shown in
, Device A (the SSH client) needs to log into Device B (the SSH server) through
the SSH protocol.
•
Publickey authentication is used, and the public key algorithm is DSA.
Figure 12 Device acts as client for publickey authentication
Configuration procedure
NOTE:
During SSH server configuration, the client public key is required. Therefore, you are recommended to use
the client software to generate a DSA key pair on the client before configuring the SSH server.
Step1
Configure the SSH client
# Configure an IP address for interface GigabitEthernet 0/1.
[DeviceA] interface gigabitethernet 0/1
[DeviceA-GigabitEthernet0/1] ip address 10.165.87.137 255.255.255.0
[DeviceA-GigabitEthernet0/1] quit
# Generate a DSA key pair.
[DeviceA] public-key local create dsa
# Export the DSA public key to file key.pub.
[DeviceA] public-key local export dsa ssh2 key.pub
[DeviceA] quit
Then, you need to transmit the public key file to the server through FTP or TFTP.
Step2
Configure the SSH server
# Generate RSA and DSA key pairs and enable SSH server.
[DeviceB] public-key local create rsa
[DeviceB] public-key local create dsa
[DeviceB] ssh server enable
# Configure an IP address for interface GigabitEthernet 0/1, which the SSH client will use as the
destination for SSH connection.
[DeviceB] interface gigabitethernet 0/1
[DeviceB-GigabitEthernet0/1] ip address 10.165.87.136 255.255.255.0
[DeviceB-GigabitEthernet0/1] quit