When Switch Acts As Server For Password Authentication - H3C S9500E Series Security Configuration Manual

When switch acts as server for password authentication

Network requirements
A local SSH connection is established between the host (the SSH client) and the switch (the
SSH server) for secure data exchange. See Figure 37.
Password authentication is required.
Figure 37 Switch acts as server for password authentication
Configuration procedure
1. Configure the SSH server
Generate RSA and DSA key pairs and enable the SSH server.
<Switch> system-view
[Switch] public-key local create rsa
[Switch] public-key local create dsa
[Switch] ssh server enable
Configure an IP address for VLAN interface 1. This address will serve as the destination of the SSH
connection.
[Switch] interface vlan-interface 1
[Switch-Vlan-interface1] ip address 192.168.1.40 255.255.255.0
[Switch-Vlan-interface1] quit
Set the authentication mode for the user interfaces to AAA.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
Enable the user interfaces to support SSH.
[Switch-ui-vty0-4] protocol inbound ssh
[Switch-ui-vty0-4] quit
Create local user client001, and set the user command privilege level to 3.
[Switch] local-user client001
[Switch-luser-client001] password simple aabbcc
[Switch-luser-client001] service-type ssh
[Switch-luser-client001] authorization-attribute level 3
[Switch-luser-client001] quit
Specify the service type for user client001 as Stelnet, and the authentication mode as
password.
[Switch] ssh user client001 service-type stelnet authentication-type password
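An added example, not part of the H3C manual: a short Python check that a reviewer could run over the saved configuration this server-side procedure produces, listing the settings worth confirming before the switch goes into service. The saved-config layout, the function names, and the reading of `password simple` and level 3 are assumptions, noted in the code.

```python
import re

# Constructed sample: the page's server-side commands as a saved config (layout
# assumed). Also assumed, not stated on the page: 'password simple' leaves the
# password readable in the config, and level 3 is the highest command level.
SAMPLE_CONFIG = """\
ssh server enable
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
local-user client001
 password simple aabbcc
 service-type ssh
 authorization-attribute level 3
ssh user client001 service-type stelnet authentication-type password
"""

def parse_sections(text):
    """Group indented lines under the unindented command that opens the view."""
    sections, current = {}, None
    for line in filter(str.strip, text.splitlines()):
        if line[0].isspace() and current is not None:
            sections[current].append(line.strip())
        else:
            current = line.strip()
            sections[current] = []
    return sections

def audit(text):
    """Return (section, finding) tuples for settings a reviewer should check."""
    findings = []
    for head, body in parse_sections(text).items():
        if head.startswith("local-user "):
            for cmd in body:
                if re.match(r"password simple\s+\S+", cmd):
                    findings.append((head, "password configured with 'simple'"))
                m = re.match(r"authorization-attribute level (\d+)", cmd)
                if m and int(m.group(1)) >= 3:
                    findings.append((head, "user holds command level 3"))
        elif head.startswith("user-interface vty"):
            if "authentication-mode scheme" not in body:
                findings.append((head, "VTY lines do not use AAA (scheme)"))
            inbound = [c for c in body if c.startswith("protocol inbound")]
            if inbound != ["protocol inbound ssh"]:
                findings.append((head, "VTY lines not restricted to SSH"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CONFIG):
        print(f"{section}: {finding}")
```

Run against the sample, the VTY settings pass and both findings fall on `local-user client001`.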
2. Configure the SSH client