Network Requirements - H3C S9500E Series Security Configuration Manual

By default, Ethernet interfaces, VLAN interfaces, and aggregate interfaces are in the state of DOWN. To
configure such an interface, use the undo shutdown command to bring it up first.

Network requirements

An SSH connection is established between Switch A and Switch B. See Figure 48. Switch A, an
SFTP client, logs in to Switch B for file management and file transfer. An SSH user uses publickey
authentication with the public key algorithm being RSA.
Figure 48 Network diagram for SFTP client configuration
Configuration procedure
Configure the SFTP server (Switch B)
1.
Generate RSA and DSA key pairs and enable the SSH server.
<SwitchB> system-view
[SwitchB] public-key local create rsa
[SwitchB] public-key local create dsa
[SwitchB] ssh server enable
# Enable the SFTP server.
[SwitchB] sftp server enable
Configure an IP address for VLAN interface 1, which the SSH client uses as the destination for SSH
connection.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ip address 192.168.0.1 255.255.255.0
[SwitchB-Vlan-interface1] quit
Set the authentication mode on the user interfaces to AAA.
[SwitchB] user-interface vty 0 4
[SwitchB-ui-vty0-4] authentication-mode scheme
Set the protocol that a remote user uses to log in as SSH.
[SwitchB-ui-vty0-4] protocol inbound ssh
[SwitchB-ui-vty0-4] quit
Before performing the following tasks, you must generate use the client software to generate RSA key pairs
on the client, save the host public key in a file named pubkey, and then upload the file to the SSH server
through FTP or TFTP. For more information, see
Import the peer public key from the file pubkey.
[SwitchB] public-key peer Switch001 import sshkey pubkey
Configure the SFTP client (Switch A)
148
below.