Configuring SSH public key authentication with first-time authentication disabled on an S3600 acting as SSH client
1 Network requirements:
SSH is used on the S3600 to protect data transmitted from the client to the server.
Switch A: SSH client. Username: client001.
Switch B: SSH server. IP address: 10.165.87.136.
Authentication type: public key authentication.
2 Network diagram:
3 Configuration procedure:
Switch B:
3.1 Enter system view:
<H3C> system-view
3.2 Create the VLAN interface and assign it the server IP address:
[H3C] interface vlan-interface 1
[H3C-Vlan-interface1] ip address 10.165.87.136 255.255.255.0
[H3C-Vlan-interface1] quit
3.3 Create the local RSA key pair:
[H3C] rsa local-key-pair create
3.4 Set the authentication mode on the user interfaces to AAA (scheme):
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
3.5 Enable the SSH protocol on the user interfaces:
[H3C-ui-vty0-4] protocol inbound ssh
3.6 Configure the user privilege level:
[H3C-ui-vty0-4] user privilege level 3
[H3C-ui-vty0-4] quit
3.7 Create the SSH user client001 with public key authentication:
[H3C] ssh user client001 authentication-type publickey
3.8 Configure the client's public key on the server, under the name Switch001:
[H3C] rsa peer-public-key Switch001
RSA public key view: return to System View with "peer-public-key end".
[H3C-rsa-public-key] public-key-code begin
RSA key code view: return to last view with "public-key-code end".
[H3C-rsa-key-code]3047
[H3C-rsa-key-code]0240
[H3C-rsa-key-code]C8969B5A 132440F4 0BDB4E5E 40308747 804F608B
[H3C-rsa-key-code]349EBD6A B0C75CDF 8B84DBE7 D5E2C4F8 AED72834
[H3C-rsa-key-code]74D3404A 0B14363D D709CC63 68C8CE00 57C0EE6B
[H3C-rsa-key-code]074C0CA9
[H3C-rsa-key-code]0203
[H3C-rsa-key-code]010001
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key] peer-public-key end
[H3C]
3.9 Bind the public key to the user:
[H3C] ssh user client001 assign rsa-key Switch001
Switch A:
3.10 Enter system view:
<H3C> system-view
3.11 Create the VLAN interface and assign it the client IP address:
[H3C] interface vlan-interface 1
[H3C-Vlan-interface1] ip address 10.165.87.137 255.255.255.0
[H3C-Vlan-interface1] quit
3.12 Create the local RSA key pair:
[H3C] rsa local-key-pair create
3.13 Disable first-time authentication (non-first-time authentication):
[H3C] undo ssh client first-time
3.14 Configure the server's public key on the client, under the name Switch002:
[H3C] rsa peer-public-key Switch002
RSA public key view: return to System View with "peer-public-key end".
[H3C-rsa-public-key] public-key-code begin
RSA key code view: return to last view with "public-key-code end".
[H3C-rsa-key-code]308188
[H3C-rsa-key-code]028180
[H3C-rsa-key-code]C9330FFD 2E2A606F 3BFD5554 8DACDFB8 4D754E86
[H3C-rsa-key-code]FC2D15E8 1996422A 0F6A2A6A A94A207E 1E25F3F9
[H3C-rsa-key-code]E0EA01A2 4E0F2FF7 B1D31505 39F02333 E443EE74
[H3C-rsa-key-code]5C3615C3 E5B3DC91 D41900F0 2AE8B301 E55B1420
[H3C-rsa-key-code]024ECF2C 28A6A454 C27449E0 46EB1EAF 8A918D33
[H3C-rsa-key-code]BAF53AF3 63B1FB17 F01E4933 00BE2EEA A272CD78
[H3C-rsa-key-code]C289B7DD 2BE0F7AD
[H3C-rsa-key-code]0203
[H3C-rsa-key-code]010001
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key] peer-public-key end
3.15 Bind the server's public key to the server IP address:
[H3C] ssh client 10.165.87.136 assign rsa-key Switch002
4 Configuration Tips:
After the key pair is created on the client, manually configure the client's public key and all other settings on the server right away. Then continue with the remaining configuration on the client.
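The key codes typed in steps 3.8 and 3.14 are hex-encoded ASN.1 (a SEQUENCE holding the modulus and the public exponent), so a paste can be checked for dropped or altered lines before it is entered. The Python check below is an added example, not part of the original case or of H3C's tooling; the function names are hypothetical, and the SHA-256 digest is only a local value for comparing the copy taken from one switch with the copy pasted on the other.

```python
import hashlib

# Key code as typed in step 3.8 (peer key Switch001), copied from the page.
SWITCH001 = """
3047
0240
C8969B5A 132440F4 0BDB4E5E 40308747 804F608B
349EBD6A B0C75CDF 8B84DBE7 D5E2C4F8 AED72834
74D3404A 0B14363D D709CC63 68C8CE00 57C0EE6B
074C0CA9
0203
010001
"""

def read_tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02X} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form, e.g. 0x81 0x88 in the step 3.14 key
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("key code is truncated")
    return buf[pos:pos + length], pos + length

def check_key_code(text):
    """Validate a pasted key code; return modulus size, exponent and a digest."""
    raw = bytes.fromhex("".join(text.split()))  # ValueError on non-hex input
    seq, end = read_tlv(raw, 0, 0x30)           # SEQUENCE
    if end != len(raw):
        raise ValueError("extra bytes after the key")
    modulus, pos = read_tlv(seq, 0, 0x02)       # INTEGER n
    exponent, pos = read_tlv(seq, pos, 0x02)    # INTEGER e
    if pos != len(seq):
        raise ValueError("extra data after the exponent")
    return {
        "modulus_bits": int.from_bytes(modulus, "big").bit_length(),
        "exponent": int.from_bytes(exponent, "big"),
        "sha256": hashlib.sha256(raw).hexdigest(),  # local comparison value only
    }

if __name__ == "__main__":
    print(check_key_code(SWITCH001))
```

For the step 3.8 key it reports a 512-bit modulus with exponent 65537; removing any line of the paste makes it raise ValueError.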