H3C S5600 SERIES Operation Manual page 891

Network diagram
Figure 1-30 Switch acts as client for publickey authentication
Configuration procedure
In public key authentication, you can use either RSA or DSA public key. Here takes the DSA public key
as an example.
Configure Switch B
# Create a VLAN interface on the switch and assign an IP address, which the SSH client will use as the
destination for SSH connection.
<SwitchB> system-view
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ip address 10.165.87.136 255.255.255.0
[SwitchB-Vlan-interface1] quit
Generating the RSA and DSA key pairs on the server is prerequisite to SSH login.
# Generate RSA and DSA key pairs.
[SwitchB] public-key local create rsa
[SwitchB] public-key local create dsa
# Set the authentication mode for the user interfaces to AAA.
[SwitchB] user-interface vty 0 4
[SwitchB-ui-vty0-4] authentication-mode scheme
# Enable the user interfaces to support SSH.
[SwitchB-ui-vty0-4] protocol inbound ssh
# Set the user command privilege level to 3.
[SwitchB-ui-vty0-4] user privilege level 3
[SwitchB-ui-vty0-4] quit
# Specify the authentication type of user client001 as publickey.
1-40