When the switch acts as a client for password authentication

Network requirements

As shown in Figure 87, Switch A (the SSH client) must pass password authentication to log in to Switch B (the SSH server) through the SSH protocol. Configure the username client001 and the password aabbcc for the SSH client on Switch B.

Figure 87: Network diagram

Configuration procedure

  • Configure the SSH server:

    # Generate RSA key pairs.

    <SwitchB> system-view
    [SwitchB] public-key local create rsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++
    ++++++++++++++
    +++++
    ++++++++
    

    # Generate a DSA key pair.

    [SwitchB] public-key local create dsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++
    

    # Enable the SSH server.

    [SwitchB] ssh server enable
    

    # Configure an IP address for VLAN-interface 1, which the SSH client will use as the destination for the SSH connection.

    [SwitchB] interface vlan-interface 1
    [SwitchB-Vlan-interface1] ip address 10.165.87.136 255.255.255.0
    [SwitchB-Vlan-interface1] quit
    

    # Set the authentication mode for the user interfaces to AAA.

    [SwitchB] user-interface vty 0 15
    [SwitchB-ui-vty0-15] authentication-mode scheme
    

    # Enable the user interfaces to support SSH.

    [SwitchB-ui-vty0-15] protocol inbound ssh
    [SwitchB-ui-vty0-15] quit
    

    # Create local user client001.

    [SwitchB] local-user client001
    [SwitchB-luser-client001] password simple aabbcc
    [SwitchB-luser-client001] service-type ssh
    [SwitchB-luser-client001] authorization-attribute level 3
    [SwitchB-luser-client001] quit
    

    # Specify the service type for user client001 as stelnet, and the authentication method as password. This step is optional.

    [SwitchB] ssh user client001 service-type stelnet authentication-type password
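
One way to verify the server-side steps above from saved configuration text, as an added example that is not part of the original procedure or vendor tooling. The sample text and its layout (global commands and view commands indented, view headers at column 0, `#` between views) are constructed assumptions, and the function names are hypothetical; the last check reports a `password simple` line because the password is then visible to anyone who can read the configuration.

```python
# Constructed sample; layout (view header at column 0, commands indented) is assumed.
SAMPLE_CONFIG = """\
#
 ssh server enable
#
local-user client001
 password simple aabbcc
 service-type ssh
#
user-interface vty 0 15
 authentication-mode scheme
 protocol inbound ssh
#
"""

def parse_views(text):
    """Group indented commands under the preceding unindented view header."""
    views, current = {"": []}, ""
    for line in text.splitlines():
        if not line.strip() or line.strip() == "#":
            current = ""          # '#' separates views; back to global scope
        elif line[0].isspace():
            views[current].append(line.strip())
        else:
            current = line.strip()
            views.setdefault(current, [])
    return views

def audit_ssh_server(text, user):
    """Return findings; an empty list means every checked step is present."""
    views, findings = parse_views(text), []
    if "ssh server enable" not in views[""]:
        findings.append("SSH server is not enabled")
    for header, cmds in views.items():
        if not header.startswith("user-interface vty"):
            continue
        if "authentication-mode scheme" not in cmds:
            findings.append(f"{header}: authentication mode is not scheme (AAA)")
        if "protocol inbound ssh" not in cmds:
            findings.append(f"{header}: protocol inbound ssh is missing")
    cmds = views.get(f"local-user {user}")
    if cmds is None:
        findings.append(f"local user {user} does not exist")
    else:
        if "service-type ssh" not in cmds:
            findings.append(f"{user}: service-type ssh is missing")
        if any(c.startswith("password simple ") for c in cmds):
            findings.append(f"{user}: password is readable in the configuration text")
    return findings
```

Run against the sample, `audit_ssh_server(SAMPLE_CONFIG, "client001")` returns only the password finding, since every other step of the procedure is present.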
    
  • Establish a connection between the SSH client and the SSH server:

    # Configure an IP address for VLAN-interface 1.

    <SwitchA> system-view
    [SwitchA] interface vlan-interface 1
    [SwitchA-Vlan-interface1] ip address 10.165.87.137 255.255.255.0
    [SwitchA-Vlan-interface1] quit
    [SwitchA] quit
    

    # Establish a connection between the SSH client and the SSH server: