Publickey authentication enabled Stelnet server configuration example
Network requirements
As shown in Figure 93:
You can log in to the switch through the Stelnet client (SSH2) that runs on the host.
The switch acts as the Stelnet server and uses publickey authentication and the RSA public key algorithm.
Figure 93: Network diagram
Configuration procedure
In the server configuration, the client public key is required. Use the client software to generate the RSA key pair on the client before configuring the Stelnet server.
The device supports a variety of Stelnet client software, such as PuTTY and OpenSSH. The following example configures the Stelnet client with PuTTY Version 0.58.
Generate an RSA key pair on the Stelnet client:
Run PuTTYGen.exe, select SSH-2 RSA and click Generate.
Figure 94: Generating a key pair on the client
Continuously move the mouse, and do not place the mouse over the green progress bar shown in Figure 95. Otherwise, the progress bar stops moving and key pair generation stops.
Figure 95: Generating process
After the key pair is generated, click Save public key to save the public key.
A file saving window appears.
Enter a file name (key.pub in this example), and click Save.
Figure 96: Saving a key pair on the client
On the page as shown in Figure 96, click Save private key to save the private key.
A confirmation dialog box appears.
Click Yes.
A file saving window appears.
Enter the name of the file (private.ppk in this example), and click Save.
Transmit the public key file to the server through FTP or TFTP. (Details not shown.)
Configure the Stelnet server:
# Generate RSA key pairs.
<Switch> system-view
[Switch] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++
++++++++++++++
+++++
++++++++
# Generate a DSA key pair.
[Switch] public-key local create dsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++
# Generate an ECDSA key pair.
[Switch] public-key local create ecdsa secp256r1
Generating Keys...
# Enable the SSH server function.
[Switch] ssh server enable
# Configure an IP address for VLAN-interface 2. The Stelnet client uses this address as the destination address of the SSH connection.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.40 255.255.255.0
[Switch-Vlan-interface2] quit
# Set the authentication mode to AAA for the user interfaces.
[Switch] user-interface vty 0 15
[Switch-ui-vty0-15] authentication-mode scheme
# Enable the user interface to support SSH.
[Switch-ui-vty0-15] protocol inbound ssh
# Set the user command privilege level to 3.
[Switch-ui-vty0-15] user privilege level 3
[Switch-ui-vty0-15] quit
# Import the client's public key from file key.pub and name it SwitchKey.
[Switch] public-key peer SwitchKey import sshkey key.pub
# Specify the authentication method for user client002 as publickey, and assign the public key SwitchKey to the user.
[Switch] ssh user client002 service-type stelnet authentication-type publickey assign publickey SwitchKey
Specify the private key file and establish a connection to the Stelnet server:
Launch PuTTY.exe on the Stelnet client to enter the interface as shown in Figure 97.
In the Host Name (or IP address) field, enter the IP address of the Stelnet server 192.168.1.40.
Figure 97: Specifying the host name (or IP address)
Select Connection > SSH > Auth from the navigation tree.
The window as shown in Figure 98 appears.
Click Browse… to bring up the file selection window, navigate to the private key file (private.ppk), and click OK.
Figure 98: Specifying the private key file
Click Open to connect to the server.
If the connection is successfully established, the system prompts you to enter the username and password. After entering the username (client002), you can enter the CLI of the server.