H3C S3100-52P Operation Manual page 730

Operation Manual – SSH
H3C S3100-52P Ethernet Switch
[SwitchB-ui-vty0-4] user privilege level 3
[SwitchB-ui-vty0-4] quit
# Specify the authentication type for user client001 as publickey.
[SwitchB] ssh user client001 authentication-type publickey
Note:
Before doing the following steps, you must first generate a DSA key pair on the client
and save the key pair in a file named Switch001, and then upload the file to the SSH
server through FTP or TFTP. For details, refer to the following "Configure Switch A".
# Import the client's public key file Switch001 and name the public key as Switch001.
[SwitchB] public-key peer Switch001 import sshkey Switch001
# Assign public key Switch001 to user client001
[SwitchB] ssh user client001 assign publickey Switch001
# Export the generated DSA host public key pair to a file named Switch002.
[SwitchB] public-key local export dsa ssh2 Switch002
Note:
When first-time authentication is not supported, you must first generate a DSA key pair
on the server and save the key pair in a file named Switch002, and then upload the file
to the SSH client through FTP or TFTP.
Configure Switch A
# Create a VLAN interface on the switch and assign an IP address, which serves as the
SSH client's address in an SSH connection.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ip address 10.165.87.137 255.255.255.0
[SwitchA-Vlan-interface1] quit
# Generate a DSA key pair
[SwitchA] public-key local create dsa
# Export the generated DSA key pair to a file named Switch001.
[SwitchA] public-key local export dsa ssh2 Switch001
1-51
Chapter 1 SSH Configuration