When the switch acts as a server for password authentication

Network requirements

As shown in Figure 79, a host (the SSH client) and a switch (the SSH server) are directly connected. Configure an SSH user on the switch so that the host can securely log in to the switch after passing password authentication. Configure a username and password for the user on the switch.

Figure 79: Network diagram

Configuration procedure

  • Configure the SSH server:

    # Generate RSA key pairs.

    <Switch> system-view
    [Switch] public-key local create rsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++
    ++++++++++++++
    +++++
    ++++++++
    

    # Generate a DSA key pair.

    [Switch] public-key local create dsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++
    

    # Enable the SSH server.

    [Switch] ssh server enable
    

    # Configure an IP address for VLAN-interface 1. This address will serve as the destination of the SSH connection.

    [Switch] interface vlan-interface 1
    [Switch-Vlan-interface1] ip address 192.168.1.40 255.255.255.0
    [Switch-Vlan-interface1] quit
    

    # Set the authentication mode for the user interfaces to AAA.

    [Switch] user-interface vty 0 15
    [Switch-ui-vty0-15] authentication-mode scheme
    

    # Enable the user interfaces to support SSH.

    [Switch-ui-vty0-15] protocol inbound ssh
    [Switch-ui-vty0-15] quit
    

    # Create local user client001, and set the user command privilege level to 3.

    [Switch] local-user client001
    [Switch-luser-client001] password simple aabbcc
    [Switch-luser-client001] service-type ssh
    [Switch-luser-client001] authorization-attribute level 3
    [Switch-luser-client001] quit
    

    # Specify the service type for user client001 as stelnet, and the authentication method as password. This step is optional.

    [Switch] ssh user client001 service-type stelnet authentication-type password
    
  • Establish a connection between the SSH client and the SSH server:

    The switch supports a variety of SSH client software, such as PuTTY and OpenSSH. The following example uses PuTTY Version 0.58.

    To establish a connection to the SSH server:

    1. Launch PuTTY.exe to enter the interface as shown in Figure 80.

    2. In the Host Name (or IP address) text box, enter the IP address of the server (192.168.1.40).

    Figure 80: Specifying the host name (or IP address)

    3. Click Open to connect to the server.

    If the connection succeeds, you are prompted to enter the username and password. After entering the username (client001) and password (aabbcc), you can enter the configuration interface of the server.
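
To check a saved configuration against the server-side steps above, the following Python audit (an added example, not part of the original documentation) verifies that the SSH server is enabled, that the VTY user interfaces use scheme authentication and accept only SSH, and reports SSH users whose password is entered with the simple keyword. The sample configuration text is constructed, and its layout ("#" between sections, indented sub-commands) is an assumption.

```python
import re

# Constructed sample built from the commands on this page
# (layout assumed: "#" separates sections, sub-commands are indented).
SAMPLE_AS_ON_PAGE = """\
#
 ssh server enable
#
local-user client001
 password simple aabbcc
 authorization-attribute level 3
 service-type ssh
#
user-interface vty 0 15
 authentication-mode scheme
 protocol inbound ssh
#
"""

def audit(config: str) -> list[str]:
    """Return findings for the SSH-related settings this page configures."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None                      # a "#" line closes the section
        elif line.startswith(("local-user ", "user-interface vty")):
            current = line
            sections[current] = []
        elif current:
            sections[current].append(line)
    findings = []
    if not re.search(r"^\s*ssh server enable\s*$", config, re.M):
        findings.append("global: 'ssh server enable' is missing")
    for header, cmds in sections.items():
        if header.startswith("user-interface vty"):
            if "authentication-mode scheme" not in cmds:
                findings.append(f"{header}: authentication-mode is not 'scheme'")
            if "protocol inbound ssh" not in cmds:
                findings.append(f"{header}: inbound protocol is not restricted to ssh")
        elif any(c.startswith("service-type") and "ssh" in c.split() for c in cmds):
            if any(c.startswith("password simple ") for c in cmds):
                findings.append(f"{header}: password appears in cleartext in the configuration text")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_AS_ON_PAGE):
        print(finding)
```

Run against the configuration exactly as entered on this page, the audit reports only the `password simple` line for client001.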