[RouterA] public-key local export dsa ssh2 key.pub
[RouterA] quit
# Transmit the public key file key.pub to the server through FTP or TFTP. (Details not shown.)
2. Configure the Stelnet server:
# Generate a DSA key pair.
[RouterB] public-key local create dsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+
...+.................+..........+...+
Create the key pair successfully.
# Enable SSH server function.
[RouterB] ssh server enable
# Assign an IP address to interface Ethernet 1/1. The Stelnet client uses this address as the
destination address of the SSH connection.
[RouterB] interface ethernet 1/1
[RouterB-Ethernet1/1] ip address 192.168.1.40 255.255.255.0
[RouterB-Ethernet1/1] quit
# Set the authentication mode for the user lines to AAA.
[RouterB] line vty 0 15
[RouterB-line-vty0-15] authentication-mode scheme
[RouterB-line-vty0-15] quit
# Import the peer public key from the file key.pub, and name it clientkey.
[RouterB] public-key peer clientkey import sshkey key.pub
# Create an SSH user client002 with the authentication method publickey, and assign the public
key clientkey to the user.
[RouterB] ssh user client002 service-type stelnet authentication-type publickey assign publickey clientkey
# Create a local device management user client002 with the service type ssh and the user role
network-admin.
[RouterB] local-user client002 class manage
[RouterB-luser-manage-client002] service-type ssh
[RouterB-luser-manage-client002] authorization-attribute user-role network-admin
[RouterB-luser-manage-client002] quit
3. Establish an SSH connection to the Stelnet server 192.168.1.40.
<RouterA> ssh2 192.168.1.40
Username: client002
The server is not authenticated. Continue? [Y/N]:y
Do you want to save the server public key? [Y/N]:n
You can log in to Router B on the first connection without configuring its host public key on the
client, because the client supports first authentication by default. As the prompt above shows,
the server is not authenticated on that first connection.
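Added example, not part of the original guide: key.pub travels over FTP or TFTP before it is imported, and the client accepts Router B's host key unauthenticated on first connection, so both steps rely on comparing a fingerprint obtained out of band. This Python code assumes the ssh2 export is an RFC 4716 file; the function names, the sample key and the weak-key policy are constructed for illustration.

```python
import base64, hashlib, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"
MODULUS_FIELD = {"ssh-dss": 1, "ssh-rsa": 2}  # index of p (DSA) or n (RSA) in the blob

def parse_rfc4716(text):
    """Return the binary key blob from an RFC 4716 (SSH2-format) public key file."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing RFC 4716 begin/end markers")
    body, continued = [], False
    for line in lines[1:-1]:
        if continued or ":" in line:      # header line or its backslash continuation
            continued = line.endswith("\\")
        else:
            body.append(line)
    return base64.b64decode("".join(body), validate=True)

def read_fields(blob):
    """Split an SSH wire-format blob into its 4-byte-length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">I", blob, off)
        if off + 4 + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return fields

def describe(text):
    """Key type, modulus size and SHA-256 fingerprint to compare out of band."""
    blob = parse_rfc4716(text)
    fields = read_fields(blob)
    ktype = fields[0].decode("ascii", "replace") if fields else ""
    if ktype not in MODULUS_FIELD or len(fields) <= MODULUS_FIELD[ktype]:
        raise ValueError("unsupported or malformed key blob")
    bits = int.from_bytes(fields[MODULUS_FIELD[ktype]], "big").bit_length()
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    # Assumed policy, not from the guide: flag DSA keys and any modulus under 2048 bits.
    return {"type": ktype, "bits": bits, "fingerprint": fp,
            "weak": ktype == "ssh-dss" or bits < 2048}

def mpint(n):
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # leading zero keeps it positive
    return struct.pack(">I", len(raw)) + raw

def sample_file():
    """Constructed, structurally valid ssh-dss blob (not a usable key) as file text."""
    blob = struct.pack(">I", 7) + b"ssh-dss" + b"".join(
        mpint(v) for v in ((1 << 1023) | 1, (1 << 159) | 1, 2, 3))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f'{BEGIN}\nComment: "constructed sample"\n{body}\n{END}\n', blob
```

Run describe() on the file before it leaves the client and again on the copy that arrived at the server, and import the key only if the two fingerprints match.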