Publickey authentication enabled Stelnet server configuration example
Network requirements
As shown in Figure 94:
You can log in to the switch through the Stelnet client (SSH2) that runs on the host.
After login, you are assigned the user role network-admin for configuration management.
The switch acts as the Stelnet server and uses publickey authentication and the RSA public key algorithm.
Figure 94: Network diagram
Configuration procedure
In the server configuration, the client's host public key is required. Use the client software to generate RSA key pairs on the client before configuring the Stelnet server.
There are different types of Stelnet client software, such as PuTTY and OpenSSH. This example uses an Stelnet client that runs PuTTY version 0.58.
The configuration procedure is as follows:
Generate RSA key pairs on the Stelnet client:
Run PuTTYGen.exe on the client, select SSH-2 RSA and click Generate.
Figure 95: Generating a key pair on the client
Continue moving the mouse during the key generation process, but do not place the mouse over the green progress bar shown in Figure 96. Otherwise, the progress bar stops moving and key pair generation stops.
Figure 96: Generating process
After the key pair is generated, click Save public key to save the public key.
A file saving window appears.
Enter a file name (key.pub in this example), and click Save.
Figure 97: Saving a key pair on the client
On the page as shown in Figure 97, click Save private key to save the private key.
A confirmation dialog box appears.
Click Yes.
A file saving window appears.
Enter a file name (private.ppk in this example), and click Save.
Transmit the public key file to the server through FTP or TFTP. (Details not shown.)
Configure the Stelnet server:
# Generate RSA key pairs.
<Switch> system-view
[Switch] public-key local create rsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
........................++++++
...................++++++
..++++++++
............++++++++
Create the key pair successfully.
# Generate a DSA key pair.
[Switch] public-key local create dsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+
...+.................+..........+...+
Create the key pair successfully.
# Generate an ECDSA key pair.
[Switch] public-key local create ecdsa secp256r1
Generating Keys...
.
Create the key pair successfully.
# Enable the Stelnet server.
[Switch] ssh server enable
# Assign an IP address to VLAN-interface 2. The Stelnet client uses this IP address as the destination for SSH connection.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.40 255.255.255.0
[Switch-Vlan-interface2] quit
# Set the authentication mode to AAA for the user lines.
[Switch] line vty 0 63
[Switch-line-vty0-63] authentication-mode scheme
[Switch-line-vty0-63] quit
# Import the client's public key from file key.pub and name it switchkey.
[Switch] public-key peer switchkey import sshkey key.pub
# Create an SSH user client002. Specify the authentication method as publickey for the user. Assign the public key switchkey to the user.
[Switch] ssh user client002 service-type stelnet authentication-type publickey assign publickey switchkey
# Create a local device management user client002. Specify the service type as ssh for the user. Assign the user role network-admin to the user.
[Switch] local-user client002 class manage
[Switch-luser-manage-client002] service-type ssh
[Switch-luser-manage-client002] authorization-attribute user-role network-admin
[Switch-luser-manage-client002] quit
Specify the private key file and establish a connection to the Stelnet server:
Launch PuTTY.exe on the Stelnet client to enter the interface shown in Figure 98.
In the Host Name (or IP address) field, enter the IP address 192.168.1.40 of the Stelnet server.
Figure 98: Specifying the host name (or IP address)
Select Connection > SSH from the navigation tree.
The window shown in Figure 99 appears.
Specify the Preferred SSH protocol version as 2 in the Protocol options area.
Figure 99: Specifying the preferred SSH version
Select Connection > SSH > Auth from the navigation tree.
The window shown in Figure 100 appears.
Click Browse… to bring up the file selection window, navigate to the private key file (private.ppk in this example), and click OK.
Figure 100: Specifying the private key file
Click Open to connect to the server.
If the connection is successfully established, the system prompts you to enter the username. After entering the username (client002), you can enter the CLI of the server.