H3C S5100-SI Operation Manual page 626

Before doing the following steps, you must first generate a DSA key pair on the client and save the key
pair in a file named Switch001, and then upload the file to the SSH server through FTP or TFTP. For
details, refer to the following "Configure Switch A".
# Import the client's public key file Switch001 and name the public key as Switch001.
[SwitchB] public-key peer Switch001 import sshkey Switch001
# Assign public key Switch001 to user client001
[SwitchB] ssh user client001 assign publickey Switch001
# Export the generated DSA host public key pair to a file named Switch002.
[SwitchB] public-key local export dsa ssh2 Switch002
When first-time authentication is not supported, you must first generate a DSA key pair on the server
and save the key pair in a file named Switch002, and then upload the file to the SSH client through FTP
or TFTP.
Configure Switch A
# Create a VLAN interface on the switch and assign an IP address, which serves as the SSH client's
address in an SSH connection.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ip address 10.165.87.137 255.255.255.0
[SwitchA-Vlan-interface1] quit
# Generate a DSA key pair
[SwitchA] public-key local create dsa
# Export the generated DSA key pair to a file named Switch001.
[SwitchA] public-key local export dsa ssh2 Switch001
After generating the key pair, you need to upload the key pair file to the server through FTP or TFTP and
complete the server end configuration before you continue to configure the client.
# Disable first-time authentication on the device.
[SwitchA] undo ssh client first-time
1-45