H3C S3600 Series Operation Manual page 24

Operation Manual – SSH Terminal Service
H3C S3600 Series Ethernet Switches-Release 1510
III. Configuration procedure
The configuration procedure varies with login authentication modes. However, you
must complete the following three configuration tasks before any configuration
procedure.
<H3C> system-view
[H3C] rsa local-key-pair create
Then, you must create a VLAN interface on the switch and assign an IP address, which
the SSH client will use as the destination for SSH connection.
[H3C] interface vlan-interface 1
[H3C-Vlan-interface1] ip address 192.168.0.1 255.255.255.0
[H3C-Vlan-interface1] quit
Finally, you must configure an IP address (192.168.0.2 in this case) for the SSH client.
This IP address and that of the VLAN interface on the switch must be in the same
network segment.
1) Set user authentication method.
Settings for the two authentication types are described respectively in the following:
Password authentication
# Set AAA authentication on user interfaces.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
# Configure the user interfaces to support SSH.
[H3C-ui-vty0-4] protocol inbound ssh
[H3C-ui-vty0-4] quit
# Set login protocol to SSH, specify commands of level 3, and authentication password
to "abc" for user clinet001.
[H3C] local-user client001
[H3C-luser-client001] password simple abc
[H3C-luser-client001] service-type ssh level 3
[H3C-luser-client001] quit
[H3C] ssh user client001 authentication-type password
Note:
You can use the default SSH authentication timeout time and authentication retry times.
After the above settings, run the SSH2.0-supported client software on a host connected
to the switch, and log into the switch with the username client001 and password "abc".
1-23
Chapter 1 SSH Terminal Service