Publickey authentication enabled Stelnet client configuration example

Network requirements

As shown in Figure 100:

Figure 100: Network diagram

Configuration procedure

In the server configuration, the client public key is required. Use the client software to generate a DSA key pair on the client before configuring the Stelnet server.

  • Configure the Stelnet client:

  • # Create VLAN-interface 2 and assign an IP address to it.

    <SwitchA> system-view
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ip address 192.168.1.56 255.255.255.0
    [SwitchA-Vlan-interface2] quit
    

    # Generate a DSA key pair.

    [SwitchA] public-key local create dsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++
    

    # Export the DSA public key to file key.pub.

    [SwitchA] public-key local export dsa ssh2 key.pub
    [SwitchA] quit
    

    # Transmit the public key file to the server through FTP or TFTP. (Details not shown.)

  • Configure the Stelnet server:

  • # Generate RSA key pairs.

    <SwitchB> system-view
    [SwitchB] public-key local create rsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++
    ++++++++++++++
    +++++
    ++++++++
    

    # Generate a DSA key pair.

    [SwitchB] public-key local create dsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++
    

    # Enable the SSH server function.

    [SwitchB] ssh server enable
    

    # Configure an IP address for VLAN-interface 2. The SSH client uses this address as the destination address for SSH connection.

    [SwitchB] interface vlan-interface 2
    [SwitchB-Vlan-interface2] ip address 192.168.1.40 255.255.255.0
    [SwitchB-Vlan-interface2] quit
    

    # Set the authentication mode to AAA for the user interfaces.

    [SwitchB] user-interface vty 0 15
    [SwitchB-ui-vty0-15] authentication-mode scheme
    

    # Enable the user interface to support SSH.

    [SwitchB-ui-vty0-15] protocol inbound ssh
    

    # Set the user command privilege level to 3.

    [SwitchB-ui-vty0-15] user privilege level 3
    [SwitchB-ui-vty0-15] quit
    

    # Import the peer public key from the file key.pub, and name it SwitchKey.

    [SwitchB] public-key peer SwitchKey import sshkey key.pub
    

    # Specify the authentication method for user client002 as publickey, and assign the public key SwitchKey to the user.

    [SwitchB] ssh user client002 service-type stelnet authentication-type publickey assign publickey SwitchKey
    
  • Establish a connection to the Stelnet server.

  • <SwitchA> ssh2 192.168.1.40
    Username: client002
    Trying 192.168.1.40 ...
    Press CTRL+K to abort
    Connected to 192.168.1.40 ...
    
    The Server is not authenticated. Continue? [Y/N]:y
    Do you want to save the server public key? [Y/N]:n
    

    Then, you can log in to Router B successfully.