Publickey authentication enabled Stelnet server configuration example

Network requirements

As shown in Figure 119, you can log in to the router through the Stelnet client (SSH2) that runs on the host. The router acts as the Stelnet server, adopting publickey authentication and the RSA public key algorithm.

Figure 119: Network diagram

Configuration considerations

In the server configuration, the client public key is required. Use the client software to generate the RSA key pair on the client before configuring the Stelnet server.

The device supports different types of Stelnet client software, such as PuTTY and OpenSSH. The following example uses PuTTY version 0.58 as the Stelnet client.

Configuration procedure

  1. Generate an RSA key pair on the Stelnet client:

    1. Launch PuTTYGen.exe, select SSH-2 RSA and click Generate.

      Figure 120: Generating a key pair on the client

    2. Keep moving the mouse, and do not place the pointer over the green progress bar shown in Figure 121. Otherwise, the progress bar stops moving and key pair generation stops.

      Figure 121: Generating process

    3. After the key pair is generated, click Save public key and specify the file name as key.pub to save the public key.

      Figure 122: Saving a key pair on the client

    4. Click Save private key to save the private key.

      A confirmation dialog box appears.

    5. Click Yes and enter the name of the file for saving the key (private.ppk in this example).

    6. Transmit the public key file to the server through FTP or TFTP. (Details not shown.)

  2. Configure the Stelnet server:

    # Generate the RSA key pairs.

    <Router> system-view
    [Router] public-key local create rsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++
    ++++++++++++++
    +++++
    ++++++++
    

    # Generate a DSA key pair.

    [Router] public-key local create dsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++
    

    # Enable the SSH server function.

    [Router] ssh server enable
    

    # Configure an IP address for interface Ethernet 1/1. The Stelnet client uses this address as the destination for SSH connection.

    [Router] interface ethernet 1/1
    [Router-Ethernet1/1] ip address 192.168.1.40 255.255.255.0
    [Router-Ethernet1/1] quit
    

    # Set the authentication mode for the user interfaces to AAA.

    [Router] user-interface vty 0 4
    [Router-ui-vty0-4] authentication-mode scheme
    

    # Enable the user interfaces to support SSH.

    [Router-ui-vty0-4] protocol inbound ssh
    [Router-ui-vty0-4] quit
    

    # Import the client's public key from file key.pub and name it ClientKey.

    [Router] public-key peer ClientKey import sshkey key.pub
    

    # Create an SSH user client002 with the authentication method publickey, and assign the public key ClientKey to the user.

    [Router] ssh user client002 service-type stelnet authentication-type publickey assign publickey ClientKey
    
  3. Establish a connection to the Stelnet server:

    1. Launch PuTTY.exe on the Stelnet client to enter the following interface.

    2. In the Host Name (or IP address) field, enter the IP address 192.168.1.40 of the Stelnet server.

      Figure 123: Specifying the host name (or IP address)

    3. Select Connection > SSH > Auth from the navigation tree.

    4. Click Browse to bring up the file selection window, navigate to the private key file (private.ppk), and click OK.

      Figure 124: Specifying the private key file

    5. Click Open to connect to the server.

      If the connection is successfully established, the system asks you to enter the username. After entering the username (client002), you can enter the CLI of the server.
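
Before key.pub is imported with public-key peer ClientKey import sshkey key.pub in step 2, the file can be checked on the host for its algorithm and RSA modulus length. The Python code below is an added example, not part of the original procedure or of any vendor tooling. It assumes key.pub is in the RFC 4716 layout that PuTTYgen's Save public key writes (an OpenSSH one-line key is also accepted); the 2048-bit floor, the function names and the sample key are assumptions constructed for this example.

```python
import base64

MIN_RSA_BITS = 2048  # assumption: local policy floor, not a value from the page

def _field(blob, off):
    """Read one length-prefixed field of an SSH key blob; return (bytes, next offset)."""
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def key_blob(text):
    """Decode the blob from RFC 4716 text (PuTTYgen 'Save public key') or an OpenSSH line."""
    lines = [l.strip() for l in text.splitlines() if l.strip()] or [""]
    if not lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        parts = lines[0].split()        # OpenSSH form: "<type> <base64> [comment]"
        if len(parts) < 2:
            raise ValueError("not a public key file")
        return base64.b64decode(parts[1], validate=True)
    body, cont = [], False
    for l in lines[1:]:
        if l.startswith("---- END"):
            break
        if cont or ":" in l:            # header such as "Comment: ..." or its continuation
            cont = l.endswith("\\")
        else:
            body.append(l)
    return base64.b64decode("".join(body), validate=True)

def inspect_key(text):
    """Return key type, RSA modulus length in bits, and whether it meets MIN_RSA_BITS."""
    blob = key_blob(text)
    alg, off = _field(blob, 0)
    if alg != b"ssh-rsa":
        return {"type": alg.decode("ascii", "replace"), "bits": None, "ok": False}
    n, _ = _field(blob, _field(blob, off)[1])   # skip exponent e, then read modulus n
    bits = int.from_bytes(n, "big").bit_length()
    return {"type": "ssh-rsa", "bits": bits, "ok": bits >= MIN_RSA_BITS}

def constructed_key_pub(bits):
    """Constructed sample in key.pub layout; the modulus is a placeholder, not a usable key."""
    f = lambda b: len(b).to_bytes(4, "big") + b
    mp = lambda i: f(i.to_bytes(i.bit_length() // 8 + 1, "big"))
    b64 = base64.b64encode(f(b"ssh-rsa") + mp(65537) + mp((1 << (bits - 1)) | 1)).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "constructed-sample"',
                      *rows, "---- END SSH2 PUBLIC KEY ----"])

if __name__ == "__main__":
    print([inspect_key(constructed_key_pub(size)) for size in (1024, 2048)])
```

To check a real file, pass its contents to inspect_key, for example inspect_key(open("key.pub").read()).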