H3C S5500-EI Series Operation Manual

Operation Manual - SSH
H3C S5500-EI Series Ethernet Switches
Chapter 1 SSH Configuration
1.1 SSH2.0 Overview
1.1.1 Algorithm and Key
1.1.2 Asymmetric Key Algorithm
1.1.3 SSH Operating Process
1.2 Configuring the Device as an SSH Server
1.2.1 SSH Server Configuration Task List
1.2.2 Enabling SSH Server
1.2.3 Configuring the User Interfaces for SSH Clients
1.2.4 Configuring RSA and DSA Keys
1.2.5 Configuring a Client Public Key
1.2.6 Configuring an SSH User
1.2.7 Setting the SSH Management Parameters
1.3 Configuring the Device as an SSH Client
1.3.1 SSH Client Configuration Task List
1.4 Displaying and Maintaining SSH
1.5 SSH Server Configuration Examples
1.5.1 When Using Password Authentication
1.5.2 When Using Publickey Authentication
1.6 SSH Client Configuration Examples
1.6.1 When Using Password Authentication
1.6.2 When Using Publickey Authentication
Chapter 2 SFTP Service
2.1 SFTP Overview
2.2 Configuring an SFTP Server
2.2.1 Configuration Prerequisites
2.2.2 Enabling the SFTP Server
2.2.3 Configuring the SFTP Connection Idle Timeout Period
2.3 Configuring an SFTP Client
2.3.2 Establishing a Connection to the SFTP Server
2.3.3 Working with the SFTP Directories
2.3.4 Working with SFTP Files
2.3.5 Displaying Help Information


Summary of Contents for H3C S5500-EI Series

  • Page 1: Table Of Contents
  • Page 2 Table of Contents: 2.3.6 Terminating the Connection to the Remote SFTP Server; 2.4 SFTP Configuration Example...
  • Page 3: Chapter 1 Ssh Configuration

    Chapter 1 SSH Configuration. When configuring SSH, go to these sections for information you are interested in: SSH2.0 Overview; Configuring the Device as an SSH Server; Configuring the Device as an SSH Client...
  • Page 4: Asymmetric Key Algorithm

    Key-based algorithms are usually classified into symmetric key algorithms and asymmetric key algorithms. 1.1.2 Asymmetric Key Algorithm: An asymmetric key algorithm means that a key pair exists at both ends. The key pair consists of a private key and a public key.
  • Page 5 I. Version negotiation: The server opens port 22 to listen for connection requests from clients. The client sends a TCP connection request to the server. After the TCP connection is established, the server sends the first packet to the client, which includes a version identification string in the format of “SSH-<primary protocol...
  • Page 6 Caution: Before the negotiation, the server must have already generated the RSA and DSA key pairs, which are mainly used for generating the session key. III. Authentication...
  • Page 7 Note: Besides password authentication and publickey authentication, SSH provides two other authentication methods: password-publickey: Performs both password authentication and publickey authentication of the client. A client running SSH1 only needs to pass either of the two, while a client running SSH2 must pass both of them to log in.
  • Page 8: Configuring The Device As An Ssh Server

    1.2 Configuring the Device as an SSH Server. 1.2.1 SSH Server Configuration Task List. Complete the following tasks to configure an SSH server: Task | Remarks; Enabling SSH Server...
  • Page 9: Configuring Rsa And Dsa Keys

    Follow these steps to configure the protocols that the current user interface supports:
    To do… | Use the command… | Remarks
    Enter system view | system-view | —
    Enter user interface view...
  • Page 10 Caution: The configuration of the rsa local-key-pair create and public-key local create dsa commands survives a reboot. You only need to configure it once. The length of an RSA server/host key is in the range 512 to 2048 bits. With SSH2, however, some clients require that the keys generated by the server must not be less than 768 bits.
  • Page 11: Configuring A Client Public Key

    1.2.5 Configuring a Client Public Key. Note: This configuration task is only necessary for SSH users using publickey authentication. For an SSH user that uses publickey authentication to log in, the server must be configured with the client RSA or DSA host public key in advance, and the corresponding private key for the client must be specified on the client.
  • Page 12: Configuring An Ssh User

    To do… Use the command… Remarks Required The content must be a hexadecimal string that is generated randomly by Configure a client public Enter the content of the...
  • Page 13 To do… Use the command… Remarks Enter system view system-view — ssh user username service-type stelnet authentication-type For stelnet { password | { any | Create an...
  • Page 14: Setting The Ssh Management Parameters

    Note: For users using publickey authentication: You must configure on the device the corresponding username and public keys. After login, the commands available for a user are determined by the user privilege level, which is configured with the user privilege level command on the user interface.
  • Page 15: Configuring The Device As An Ssh Client

    Note: Authentication will fail if the number of authentication attempts (including both publickey and password authentication) exceeds that specified in the ssh server authentication-retries command. 1.3 Configuring the Device as an SSH Client. 1.3.1 SSH Client Configuration Task List...
  • Page 16 With first-time authentication, when an SSH client not configured with the server host public key accesses the server for the first time, the user can continue accessing the server, and save the host public key on the client for use in subsequent authentications.
  • Page 17: Establishing A Connection Between The Ssh Client And The Server

    1.3.4 Establishing a Connection Between the SSH Client and the Server. Follow these steps to establish the connection between the SSH client and the server: To do...
  • Page 18: Ssh Server Configuration Examples

    To do… | Use the command… | Remarks
    Display the mappings between host public keys and SSH servers saved on a client | display ssh server-info | Available in any view...
  • Page 19

    [Switch-ui-vty0-4] authentication-mode scheme
    # Enable the user interface to support SSH.
    [Switch-ui-vty0-4] protocol inbound ssh
    [Switch-ui-vty0-4] quit
    # Create local user client001, and set the user command privilege level to 3...
  • Page 20: When Using Publickey Authentication

    Figure 1-3 SSH client configuration interface. From the window shown in Figure 1-3, click Open. The following SSH client interface appears. If the connection is normal, you will be prompted to enter the username (client001) and password (aabbcc). 1.5.2 When Using Publickey Authentication...
  • Page 21 III. Configuration procedure: Configure the SSH server

    # Generate RSA and DSA key pairs and enable SSH server.
    <Switch> system-view
    [Switch] public-key local create rsa
    [Switch] public-key local create dsa
    [Switch] ssh server enable
    # Configure an IP address for VLAN interface 1.
  • Page 22 Figure 1-5 Generate a client key pair (1). While generating the key pair, you must move the mouse continuously and keep the mouse off the green process bar shown in Figure 1-6.
  • Page 23 Figure 1-6 Generate a client key pair (2). After the key pair is generated, click Save public key to save the key in a file by entering a file name (“key.pub” in this case).
  • Page 24 Figure 1-7 Generate a client key pair (3). Likewise, to save the private key, click Save private key. A warning window pops up to prompt you whether to save the private key without any protection. Click Yes and enter the name of the file for saving the key (“private”...
  • Page 25 # Specify the private key file and establish a connection with the SSH server. Launch PuTTY.exe to enter the following interface. In the Host Name (or IP address) text box, enter the IP address of the server (192.168.1.40).
  • Page 26: Ssh Client Configuration Examples

    Figure 1-10 SSH client configuration interface (2). From the window shown in Figure 1-10, click Open. The following SSH client interface appears. If the connection is normal, you will be prompted to enter the username (client002) to enter the configuration interface.
  • Page 27 II. Network diagram: Figure 1-11 Network diagram for SSH client configuration (using password authentication). III. Configuration procedure: Configure the SSH server. # Create an RSA and DSA key pair and enable the SSH server.
  • Page 28

    [SwitchA] interface vlan-interface 1
    [SwitchA-Vlan-interface1] ip address 10.165.87.137 255.255.255.0
    [SwitchA-Vlan-interface1] quit
    # Disable first-time authentication.
    [SwitchA] undo ssh client first-time
    # Configure the host public key of the SSH server.
  • Page 29: When Using Publickey Authentication

    Press CTRL+K to abort
    Connected to 10.165.87.136...
    Enter password:
    **************************************************************************
    * Copyright (c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
    * Without the owner's prior written consent,
    * no decompiling or reverse-engineering shall be allowed.
    **************************************************************************
    <SwitchB>...
  • Page 30

    [SwitchB-ui-vty0-4] authentication-mode scheme
    # Enable the user interface to support SSH.
    [SwitchB-ui-vty0-4] protocol inbound ssh
    # Set the user command privilege level to 3.
    [SwitchB-ui-vty0-4] user privilege level 3...
  • Page 31

    The Server is not authenticated. Continue? [Y/N]:y
    Do you want to save the server public key? [Y/N]:n
    **************************************************************************
    * Copyright (c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
    * Without the owner's prior written consent,
    * no decompiling or reverse-engineering shall be allowed.
  • Page 32: Chapter 2 Sftp Service

    Chapter 2 SFTP Service. When configuring SFTP, go to these sections for information you are interested in: SFTP Overview; Configuring an SFTP Server; Configuring an SFTP Client; SFTP Configuration Example. 2.1 SFTP Overview...
  • Page 33: Configuring The Sftp Connection Idle Timeout Period

    Note: When the device functions as the SFTP server, only one client can access the SFTP server at a time. If the SFTP client uses WinSCP, a file on the server cannot be modified directly;...
  • Page 34: Establishing A Connection To The Sftp Server

    2.3.2 Establishing a Connection to the SFTP Server. This configuration task is to enable the SFTP client to establish a connection with the remote SFTP server and enter SFTP client view.
  • Page 35: Working With Sftp Files

    To do… | Use the command… | Remarks
    Change the working directory of the remote SFTP server | cd [ remote-path ] | Optional
    Return to the upper-level directory | cdup | Optional...
  • Page 36: Displaying Help Information

    To do… Use the command… Remarks sftp [ ipv6 ] server [ port-number ] [ identity-key { dsa | rsa } | prefer-ctos-cipher { aes128 | des } | prefer-ctos-hmac...
  • Page 37: Terminating The Connection To The Remote Sftp Server

    To do… Use the command… Remarks sftp [ ipv6 ] server [ port-number ] [ identity-key { dsa | rsa } | prefer-ctos-cipher { aes128 | des }...
  • Page 38 II. Network diagram: Figure 2-1 Network diagram for SFTP configuration. III. Configuration procedure: Configure the SFTP server (Switch B). # Generate RSA and DSA key pairs and enable the SSH server.
  • Page 39 Note: If you set the SSH authentication method to publickey, you need to configure the host public key of SwitchA. For the specific configuration, refer to When Using Publickey Authentication.
  • Page 40

    This operation may take a long time.Please wait...
    File successfully Removed
    sftp-client> dir
    -rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
    -rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2...
  • Page 41

    -rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
    -rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
    -rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1...

This manual is also suitable for:

S3610 series, S5510 series
