Stelnet client configuration example (publickey authentication)
Network requirements
As shown in Figure 126, you can log in to Router B through the Stelnet client that runs on Router A. Router B acts as the Stelnet server, adopting publickey authentication and the DSA public key algorithm.
Figure 126: Network diagram
Configuration considerations
In the server configuration, the client public key is required. Use the client software to generate a DSA key pair on the client before configuring the Stelnet server.
Configuration procedure
Configure the Stelnet client:
# Configure an IP address for interface Ethernet 1/1.
<RouterA> system-view
[RouterA] interface ethernet 1/1
[RouterA-Ethernet1/1] ip address 192.168.1.56 255.255.255.0
[RouterA-Ethernet1/1] quit
# Generate a DSA key pair.
[RouterA] public-key local create dsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++
# Export the DSA public key to file key.pub.
[RouterA] public-key local export dsa ssh2 key.pub
[RouterA] quit
# Transmit the public key file to the server through FTP or TFTP. (Details not shown.)
Configure the Stelnet server:
# Generate the RSA key pairs.
<RouterB> system-view
[RouterB] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++
++++++++++++++
+++++
++++++++
# Generate a DSA key pair.
[RouterB] public-key local create dsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++
# Enable the SSH server function.
[RouterB] ssh server enable
# Configure an IP address for interface Ethernet 1/1. The Stelnet client uses this address as the destination address of the SSH connection.
[RouterB] interface ethernet 1/1
[RouterB-Ethernet1/1] ip address 192.168.1.40 255.255.255.0
[RouterB-Ethernet1/1] quit
# Set the authentication mode for the user interfaces to AAA.
[RouterB] user-interface vty 0 4
[RouterB-ui-vty0-4] authentication-mode scheme
# Enable the user interfaces to support SSH.
[RouterB-ui-vty0-4] protocol inbound ssh
# Set the user command privilege level to 3.
[RouterB-ui-vty0-4] user privilege level 3
[RouterB-ui-vty0-4] quit
# Import the peer public key from the file key.pub, and name it ClientKey.
[RouterB] public-key peer ClientKey import sshkey key.pub
# Create an SSH user client002 with the authentication method publickey, and assign the public key ClientKey to the user.
[RouterB] ssh user client002 service-type stelnet authentication-type publickey assign publickey ClientKey
Establish a connection to the Stelnet server:
# Establish an SSH connection to the Stelnet server 192.168.1.40.
<RouterA> ssh2 192.168.1.40
Username: client002
Trying 192.168.1.40 ...
Press CTRL+K to abort
Connected to 192.168.1.40 ...
The Server is not authenticated. Continue? [Y/N]:y
Do you want to save the server public key? [Y/N]:n
Then, you can log in to Router B successfully.
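The client key reaches Router B over FTP or TFTP, neither of which protects the file in transit, so it is worth confirming that the key.pub imported as ClientKey is the one Router A exported. The following is an added example, not part of the original configuration guide: it assumes the ssh2 export option writes the RFC 4716 SSH2 public key file format, and the function names and the sample key are constructed for illustration.

```python
import base64, hashlib, struct

def parse_ssh2_pubkey(text):
    """Return the raw key blob from an SSH2-format (RFC 4716) public key file."""
    body, inside, cont = [], False, False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("---- BEGIN SSH2 PUBLIC KEY"):
            inside = True
        elif line.startswith("---- END SSH2 PUBLIC KEY"):
            break
        elif inside and (cont or ":" in line):   # header line or its continuation
            cont = line.endswith("\\")
        elif inside and line:
            body.append(line)
    if not body:
        raise ValueError("no SSH2 public key block found")
    return base64.b64decode("".join(body))

def describe(text):
    """Algorithm name, modulus size (DSA) and SHA-256 fingerprint of the key."""
    blob, fields, off = parse_ssh2_pubkey(text), [], 0
    while off + 4 <= len(blob):                  # length-prefixed SSH wire fields
        (n,) = struct.unpack_from(">I", blob, off)
        if off + 4 + n > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    info = {"algorithm": fields[0].decode("ascii")}
    if info["algorithm"] == "ssh-dss":           # fields: name, p, q, g, y
        info["bits"] = int.from_bytes(fields[1], "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    info["sha256"] = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return info

def same_key(exported_text, received_text):
    """True when both files carry the same key, whatever the comments or wrapping."""
    return describe(exported_text)["sha256"] == describe(received_text)["sha256"]

def make_sample(y):
    """Constructed sample file with DSA-shaped fields; not a usable key."""
    def field(raw):
        return struct.pack(">I", len(raw)) + raw
    def mpint(n):
        return field(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    p, q = (1 << 1023) | 1, (1 << 159) | 1
    blob = field(b"ssh-dss") + mpint(p) + mpint(q) + mpint(2) + mpint(y)
    b64 = base64.b64encode(blob).decode()
    rows = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----",
                      'Comment: "constructed sample"', *rows,
                      "---- END SSH2 PUBLIC KEY ----"])
```

Run describe() on the file as exported from Router A and on the copy that arrived at Router B, and compare the sha256 values over a separate channel before importing the key.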