•
When the device acts as a NETCONF-over-SSH server, only RSA key pairs are supported. Do
not generate a DSA key pair on the NETCONF-over-SSH server.
Network requirements
As shown in
•
The router uses local password authentication.
•
The client's username and password are saved on the router.
Establish a NETCONF-over-SSH connection between the host and the router, so that you can log in
to the router to perform NETCONF operations.
Figure 131 Network diagram
Configuration procedure
# Generate RSA key pairs.
<Router> system-view
[Router] public-key local create rsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
........................++++++
...................++++++
..++++++++
............++++++++
Create the key pair successfully.
# Generate a DSA key pair.
[Router] public-key local create dsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+
...+.................+..........+...+.
Create the key pair successfully.
# Enable NETCONF over SSH.
[Router] netconf ssh server enable
# Assign an IP address to GigabitEthernet 2/0/1. The client uses this address as the destination for
NETCONF-over-SSH connection.
Figure
131:
430