H3C S5100-SI Series Operation Manual page 693

Operation Manual – SSH
H3C S5100-SI/EI Series Ethernet Switches
II. Network diagram
SSH user
Figure 1-19 Switch acts as server for password and HWTACACS authentication
III. Configuration procedure
Configure the SSH server
# Create a VLAN interface on the switch and assign it an IP address. This address will
be used as the IP address of the SSH server for SSH connections.
<Switch> system-view
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit
Caution:
Generating the RSA and DSA key pairs on the server is prerequisite to SSH login.
# Generate RSA and DSA key pairs.
[Switch] public-key local create rsa
[Switch] public-key local create dsa
# Set the authentication mode for the user interfaces to AAA.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
# Enable the user interfaces to support SSH.
[Switch-ui-vty0-4] protocol inbound ssh
[Switch-ui-vty0-4] quit
# Configure the HWTACACS scheme.
[Switch] hwtacacs scheme hwtac
[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49
HWTACACS server
10.1.1.1/24
Vlan-int2
192.168.1.70/24
Switch
Internet
1-39
Chapter 1 SSH Configuration