Configuring the SSH Server on an H3C 5600 Switch
I Network requirements
1. The PC acts as the SSH client and the switch acts as the SSH server. The client runs SSH 2.0 client software and connects to the SSH server so that the data exchanged between them is protected.
II Network topology.
III Steps of configuration
1. Create the local RSA key pair.
<H3C> system-view
[H3C] rsa local-key-pair create
2. Set the user login authentication mode.
The first mode: password authentication.
# Set the authentication mode of the user interface to AAA (scheme).
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
# Enable the SSH protocol on the user interface.
[H3C-ui-vty0-4] protocol inbound ssh
[H3C-ui-vty0-4] quit
# Set the login protocol of the user “client001” to SSH, the authentication mode to password, and the authentication password to abc.
[H3C] local-user client001
[H3C-luser-client001] password simple abc
[H3C-luser-client001] service-type ssh
[H3C-luser-client001] quit
[H3C] ssh user client001 authentication-type password
The second mode: RSA authentication.
# Set the authentication mode of the user interface to AAA (scheme).
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
# Enable the SSH protocol on the user interface.
[H3C-ui-vty0-4] protocol inbound ssh
[H3C-ui-vty0-4] quit
# Set the login protocol of the user “client002” to SSH and the authentication mode to RSA.
[H3C] ssh user client002 authentication-type rsa
# Create the RSA key pair on the SSH client and send the public key to the SSH server. Configure the client's public key on the server under the name “switch002”.
[H3C] rsa peer-public-key switch002
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key] peer-public-key end
[H3C] ssh user client002 assign rsa-key switch002
IV Key notes in the configuration
1. The SSH authentication timeout and retry count are left at their defaults. After completing the configuration, the user can run SSH 2.0 client software on a terminal connected to the switch and enter the user name “client001” and password “abc” to access the switch.
2. Dedicated software is needed to create the public-key-code for the server and to convert it into a format that the switch supports. Here we use puttygen.exe to create the public-key-code and the conversion software provided by H3C to convert it.
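The converted public-key-code shown in step 2 is hex that decodes as a DER SEQUENCE of two INTEGERs (RSA modulus and public exponent), so the key can be checked before it is assigned to an SSH user. The following Python script is an added example, not part of the original case or of H3C's tools; the function names and the 2048-bit minimum are assumptions.

```python
# Added example (not H3C code): decode a pasted "public-key-code" block.
import re

# Hex lines copied from the "switch002" peer-public-key block on this page.
PAGE_KEY_CODE = """
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
"""

def read_tlv(buf, pos, tag):
    """Read one DER tag-length-value; return (value, offset after it)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02X} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos:pos + length], pos + length

def parse_key_code(text):
    """Return (modulus_bits, public_exponent) for pasted key-code lines."""
    # Drop the "[H3C-rsa-key-code]" prompts and the begin/end marker lines.
    lines = (re.sub(r"^\s*\[[^\]]*\]", "", ln).strip() for ln in text.splitlines())
    der = bytes.fromhex("".join(ln for ln in lines if "public-key-code" not in ln))
    seq, end = read_tlv(der, 0, 0x30)         # SEQUENCE { modulus, exponent }
    modulus, pos = read_tlv(seq, 0, 0x02)     # INTEGER n
    exponent, pos = read_tlv(seq, pos, 0x02)  # INTEGER e
    if end != len(der) or pos != len(seq):
        raise ValueError("unexpected trailing bytes")
    return int.from_bytes(modulus, "big").bit_length(), int.from_bytes(exponent, "big")

def audit(text, min_bits=2048):  # min_bits is an assumed local policy value
    """List reasons to reject the key before assigning it to an SSH user."""
    bits, e = parse_key_code(text)
    findings = []
    if bits < min_bits:
        findings.append(f"modulus is {bits} bits, below the {min_bits}-bit minimum")
    if e < 3 or e % 2 == 0:
        findings.append(f"public exponent {e} is not an odd value >= 3")
    return findings

if __name__ == "__main__":
    print(parse_key_code(PAGE_KEY_CODE), audit(PAGE_KEY_CODE))
```

For the key on this page the script reports a 1023-bit modulus with public exponent 37, which fails the assumed 2048-bit minimum.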