When the switch acts as a server for publickey authentication
Network requirements
As shown in Figure 81, a host (the SSH client) and a switch (the SSH server) are directly connected. Configure an SSH user on the switch so that the host can securely log in to the switch after passing publickey authentication. Use the RSA public key algorithm.
Figure 81: Network diagram
Configuration procedure
During SSH server configuration, the client public key is required. Use the client software to generate RSA key pairs on the client before configuring the SSH server.
Generate RSA key pairs on the SSH client:
Run PuTTYGen.exe, select SSH-2 RSA and click Generate.
While the key pair is being generated, keep moving the mouse within the PuTTYGen window, but keep the pointer off the green progress bar shown in Figure 83. Otherwise the progress bar stops moving and key generation halts.
Figure 82: Generating the key pair on the client
Figure 83: Generating process
After the key pair is generated, click Save public key and specify the file name as key.pub to save the public key.
Figure 84: Saving the key pair on the client
Click Save private key to save the private key.
A warning window pops up asking whether you want to save the private key without any protection, that is, without a passphrase. The switch only ever receives the public key, so anyone who obtains private.ppk can log in as the user it is bound to. Unless the key is kept on a well-protected host, enter a passphrase in the Key passphrase and Confirm passphrase fields before saving; the warning then does not appear.
Otherwise, click Yes and enter the name of the file for saving the key (private.ppk in this case).
Transmit the public key file (key.pub) to the server through FTP or TFTP. Do not transmit private.ppk; it stays on the client. FTP and TFTP carry the file in the clear, so after importing it on the switch confirm that the imported key matches the one PuTTYGen generated.
Configure the SSH server:
# Generate RSA key pairs. At the modulus prompt, enter 2048 instead of accepting the 1024-bit default: 512-bit RSA keys are trivially factorable and 1024-bit keys are no longer considered adequate for a host key.
<Switch> system-view
[Switch] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++
++++++++++++++
+++++
++++++++
# Generate a DSA key pair.
[Switch] public-key local create dsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++
# Enable the SSH server.
[Switch] ssh server enable
# Configure an IP address for VLAN-interface 1. This address will serve as the destination of the SSH connection.
[Switch] interface vlan-interface 1
[Switch-Vlan-interface1] ip address 192.168.1.40 255.255.255.0
[Switch-Vlan-interface1] quit
# Set the authentication mode for the user interfaces to AAA.
[Switch] user-interface vty 0 15
[Switch-ui-vty0-15] authentication-mode scheme
# Enable the user interfaces to support SSH.
[Switch-ui-vty0-15] protocol inbound ssh
# Set the user command privilege level to 3 (the highest, manage, level). If the SSH user only needs monitoring access, assign a lower level instead.
[Switch-ui-vty0-15] user privilege level 3
[Switch-ui-vty0-15] quit
# Import the client's public key from file key.pub and name it Switch001.
[Switch] public-key peer Switch001 import sshkey key.pub
# Specify the authentication method for user client002 as publickey, and assign the public key Switch001 to the user.
[Switch] ssh user client002 service-type stelnet authentication-type publickey assign publickey Switch001
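The file PuTTYGen writes with Save public key is in the SSH2 public key file format of RFC 4716 (a BEGIN/END marker, header lines such as Comment:, and the base64-encoded ssh-rsa key blob). Because FTP and TFTP give no assurance that key.pub arrived unmodified, it helps to know what is in the file before and after transfer. The following script is an added example, not part of this configuration guide or of PuTTY: it parses an RFC 4716 file, checks that the key is ssh-rsa with a modulus of at least 2048 bits, reports the SHA256 fingerprint (computed over the key blob, the same fingerprint ssh-keygen -lf prints, and the one newer PuTTYGen releases display), and converts the file to the one-line form an OpenSSH server expects. The embedded sample key is constructed in the script from an arbitrary odd 2048-bit modulus so that it runs offline; it is not a real key, and the file names and comment are illustrative.

```python
import base64
import hashlib
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"


def _string(b: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def _mpint(n: int) -> bytes:
    """SSH wire 'mpint': big-endian, zero-padded so a positive value never has its top bit set."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _string(raw)


def _read_string(buf: bytes, off: int):
    (length,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end


def rsa_blob(e: int, n: int) -> bytes:
    """The key blob that PuTTYGen base64-encodes: 'ssh-rsa', e, n."""
    return _string(b"ssh-rsa") + _mpint(e) + _mpint(n)


def to_rfc4716(blob: bytes, comment: str) -> str:
    """Write a blob in the SSH2 public key file format PuTTYGen saves (64-char lines)."""
    b64 = base64.b64encode(blob).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, f'Comment: "{comment}"', *body, END]) + "\n"


def parse_rfc4716(text: str):
    """Return (headers, blob). Header lines contain ':' and a trailing backslash
    continues a header on the next line; every other line is base64 body."""
    lines = [ln.rstrip("\r") for ln in text.strip().splitlines()]
    if lines[0].strip() != BEGIN or lines[-1].strip() != END:
        raise ValueError("not an RFC 4716 SSH2 public key file")
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line and not body:          # base64 never contains ':'
            while line.rstrip().endswith("\\"):
                i += 1
                line = line.rstrip()[:-1] + lines[i]
            name, value = line.split(":", 1)
            headers[name.strip()] = value.strip()
        else:
            body.append(line.strip())
        i += 1
    if not body:
        raise ValueError("no key data in file")
    return headers, base64.b64decode("".join(body), validate=True)


def inspect_rsa(blob: bytes) -> dict:
    """Decode an ssh-rsa blob and report modulus size and SHA256 fingerprint."""
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError(f"expected ssh-rsa, got {ktype!r}")
    e_bytes, off = _read_string(blob, off)
    n_bytes, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    n = int.from_bytes(n_bytes, "big")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": "ssh-rsa", "bits": n.bit_length(),
            "e": int.from_bytes(e_bytes, "big"), "sha256": "SHA256:" + digest}


def to_openssh_line(text: str) -> str:
    """Convert the PuTTYGen file to the one-line form used in authorized_keys."""
    headers, blob = parse_rfc4716(text)
    comment = headers.get("Comment", "").strip('"')
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}".rstrip()


def check_key_for_import(text: str, min_bits: int = 2048):
    """(ok, info_or_reason): refuse anything that is not an RSA key of at least
    min_bits, so a weak or mangled key is caught before it reaches the switch."""
    try:
        _, blob = parse_rfc4716(text)
        info = inspect_rsa(blob)
    except ValueError as exc:
        return False, str(exc)
    if info["bits"] < min_bits:
        return False, f"RSA modulus is {info['bits']} bits, want >= {min_bits}"
    return True, info


# Constructed sample, NOT a real key: an arbitrary odd 2048-bit modulus stands
# in for the value PuTTYGen would produce, which is enough to exercise the parser.
SAMPLE_KEY_PUB = to_rfc4716(rsa_blob(65537, (1 << 2047) | 1), "rsa-key-20240101")

if __name__ == "__main__":
    ok, result = check_key_for_import(SAMPLE_KEY_PUB)   # pass a real key.pub's text here
    print("import OK" if ok else "REJECT", result)
    print(to_openssh_line(SAMPLE_KEY_PUB))
```

Run it against key.pub on the client before the transfer and note the fingerprint; after the switch has imported the key, compare the key material it shows for Switch001 (for example with display public-key peer name Switch001, assuming that display command is available on your software release) against the modulus the script decoded. A mismatch means the file was altered or a different file was imported, and the user binding in the ssh user command should not be trusted until it is fixed.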
Specify the private key file and establish a connection to the SSH server:
Launch PuTTY.exe to enter the interface as shown in Figure 85.
In the Host Name (or IP address) text box, enter the IP address of the server 192.168.1.40.
Figure 85: Specifying the host name (or IP address)
Select Connection > SSH > Auth from the navigation tree.
The window as shown in Figure 86 appears.
Click Browse… to bring up the file selection window, navigate to the private key file (private.ppk) and click OK.
Figure 86: Specifying the private key file
Click Open to connect to the server.
On the first connection PuTTY shows the server's host key fingerprint and asks whether to trust it; compare it with the RSA host key on the switch (display public-key local rsa public) before accepting, because accepting an unverified host key defeats the protection against a man-in-the-middle. If the connection succeeds, PuTTY prompts for the username. Enter client002; because the key in private.ppk matches the public key Switch001 bound to that user, no password is requested and you enter the configuration interface of the server.