Configuration of launching SSH authentication with non-first-time authentication on S3600 as SSH client

Configuration of launching SSH authentication with non-first-time authentication on S3600 as SSH client

1 Network requirements:

SSH would be applied in S3600 in order to protect the security of data transmission launching from client to server.

Switch A: SSH client. Username:client001.

Switch B: SSH server. IP address: 10.165.87.136.

Authentication type: public key authentication.

 

2 Network diagram:

 

3 Configuration procedure:

Switch B:

3.1 Enter system view:

<H3C>system-view

3.2 Create Vlan interface and allocate Vlan IP address as the server IP address:

[H3C] interface vlan-interface 1

[H3C-Vlan-interface1] ip address 10.165.87.136 255.255.255.0

[H3C-Vlan-interface1] quit

3.3 Create RSA private key pair:

[H3C] rsa local-key-pair create

3.4 Set authentication type as AAA on user interface:

[H3C] user-interface vty 0 4

[H3C-ui-vty0-4] authentication-mode scheme

3.5 Enable SSH protocol on user interface:

[H3C-ui-vty0-4] protocol inbound ssh

3.6 Configure privilege level:

[H3C-ui-vty0-4] user privilege level 3

[H3C-ui-vty0-4] quit

3.7 Create client001 with public key authentication:

[H3C] ssh user client001 authentication-type publickey

3.8 Configure client public key on server. Public key’s name: Switch001:

[H3C] rsa peer-public-key Switch001

RSA public key view: return to System View with "peer-public-key end".

[H3C-rsa-public-key] public-key-code begin

RSA key code view: return to last view with "public-key-code end".

[H3C-rsa-key-code]3047

[H3C-rsa-key-code]0240

[H3C-rsa-key-code]C8969B5A 132440F4 0BDB4E5E 40308747 804F608B

[H3C-rsa-key-code]349EBD6A B0C75CDF 8B84DBE7 D5E2C4F8 AED72834

[H3C-rsa-key-code]74D3404A 0B14363D D709CC63 68C8CE00 57C0EE6B

[H3C-rsa-key-code]074C0CA9

[H3C-rsa-key-code]0203

[H3C-rsa-key-code]010001

[H3C-rsa-key-code] public-key-code end

[H3C-rsa-public-key] peer-public-key end

[H3C]

3.9 Bind user with public key:

[H3C] ssh user client001 assign rsa-key Switch001

 

Switch A:

3.10 Enter system view:

<H3C> system-view

3.11 Create Vlan interface and allocate Vlan IP address as the client IP address:

[H3C] interface vlan-interface 1

[H3C-Vlan-interface1] ip address 10.165.87.137 255.255.255.0

[H3C-Vlan-interface1] quit

3.12 Create RSA private key pair:

[H3C] rsa local-key-pair create

3.13 Set non-first-time authentication:

[H3C] undo ssh client first-time

3.14 Configure server public key on client. Public key’s name: Switch002:

[H3C] rsa peer-public-key Switch002

RSA public key view: return to System View with "peer-public-key end".

[H3C-rsa-public-key] public-key-code begin

RSA key code view: return to last view with "public-key-code end".

[H3C-rsa-key-code]308188

[H3C-rsa-key-code]028180

[H3C-rsa-key-code]C9330FFD 2E2A606F 3BFD5554 8DACDFB8 4D754E86

[H3C-rsa-key-code]FC2D15E8 1996422A 0F6A2A6A A94A207E 1E25F3F9

[H3C-rsa-key-code]E0EA01A2 4E0F2FF7 B1D31505 39F02333 E443EE74

[H3C-rsa-key-code]5C3615C3 E5B3DC91 D41900F0 2AE8B301 E55B1420

[H3C-rsa-key-code]024ECF2C 28A6A454 C27449E0 46EB1EAF 8A918D33

[H3C-rsa-key-code]BAF53AF3 63B1FB17 F01E4933 00BE2EEA A272CD78

[H3C-rsa-key-code]C289B7DD 2BE0F7AD

[H3C-rsa-key-code]0203

[H3C-rsa-key-code]010001

[H3C-rsa-key-code] public-key-code end

[H3C-rsa-public-key] peer-public-key end

3.15 Bind IP address of server with public key:

[H3C] ssh client 10.165.87.136 assign rsa-key Switch002

 

4 Configuration Tips:

Please configure client public key manually and all other settings on server soon after key pair is created on client. Then continue to configure the rest on client.