When Switch Acts As Client For Publickey Authentication - HP 4800G Series Configuration Manual

When Switch Acts as Client for Publickey Authentication

Network requirements
As shown in
through the SSH protocol.
Publickey authentication is used, and the public key algorithm is DSA.
Figure 1-11 Switch acts as client for publickey authentication
Configuration procedure
1) Configure the SSH server
# Generate RSA and DSA key pairs and enable SSH server.
<SwitchB> system-view
[SwitchB] public-key local create rsa
[SwitchB] public-key local create dsa
[SwitchB] ssh server enable
# Configure an IP address for VLAN interface 1, which the SSH client will use as the destination for SSH
connection.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ip address 10.165.87.136 255.255.255.0
[SwitchB-Vlan-interface1] quit
# Set the authentication mode for the user interfaces to AAA.
[SwitchB] user-interface vty 0 4
[SwitchB-ui-vty0-4] authentication-mode scheme
# Enable the user interfaces to support SSH.
[SwitchB-ui-vty0-4] protocol inbound ssh
# Set the user command privilege level to 3.
[SwitchB-ui-vty0-4] user privilege level 3
[SwitchB-ui-vty0-4] quit
Before performing the following tasks, you must use the client software to generate an RSA key pair on
the client, save the public key in a file named key.pub, and then upload the file to the SSH server
through FTP or TFTP. For details, refer to
# Import the peer public key from the file key.pub.
Figure 1-11, Switch A (the SSH client) needs to log into Switch B (the SSH server)
Configure the SSH client
1-22
below.