When Switch Acts As Client And First-Time Authentication Is Not Supported - H3C S5100-SI Series Operation Manual

Operation Manual – SSH
H3C S5100-SI/EI Series Ethernet Switches
1.7.7 When Switch Acts as Client and First-Time Authentication is not
Supported
I. Network requirements
As shown in
and Switch B (SSH Server) for secure data exchange. The user name is client001 and
the SSH server's IP address is 10.165.87.136. The publickey authentication mode is
used to enhance security.
II. Network diagram
Figure 1-32 Switch acts as client and first-time authentication is not supported
III. Configuration procedure
Configure Switch B
# Create a VLAN interface on the switch and assign an IP address for it to serve as the
destination of the client.
<SwitchB> system-view
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ip address 10.165.87.136 255.255.255.0
[SwitchB-Vlan-interface1] quit
Note:
Generating the RSA and DSA key pairs on the server is prerequisite to SSH login.
# Generate RSA and DSA key pairs.
[SwitchB] public-key local create rsa
[SwitchB] public-key local create dsa
# Set AAA authentication on user interfaces.
[SwitchB] user-interface vty 0 4
[SwitchB-ui-vty0-4] authentication-mode scheme
# Configure the user interfaces to support SSH.
[SwitchB-ui-vty0-4] protocol inbound ssh
# Set the user command privilege level to 3.
Figure 1-32, establish an SSH connection between Switch A (SSH Client)
1-53
Chapter 1 SSH Configuration