Publickey authentication enabled Stelnet client configuration example
Network requirements
As shown in Figure 100:
You can log in to Switch B through the Stelnet client that runs on Switch A.
Switch B acts as the Stelnet server and uses publickey authentication and the DSA public key algorithm.
Figure 100: Network diagram
Configuration procedure
In the server configuration, the client public key is required. Use the client software to generate a DSA key pair on the client before configuring the Stelnet server.
Configure the Stelnet client:
# Create VLAN-interface 2 and assign an IP address to it.
<SwitchA> system-view
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ip address 192.168.1.56 255.255.255.0
[SwitchA-Vlan-interface2] quit
# Generate a DSA key pair.
[SwitchA] public-key local create dsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++
# Export the DSA public key to file key.pub.
[SwitchA] public-key local export dsa ssh2 key.pub
[SwitchA] quit
# Transmit the public key file to the server through FTP or TFTP. (Details not shown.)
Configure the Stelnet server:
# Generate RSA key pairs.
<SwitchB> system-view
[SwitchB] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++
++++++++++++++
+++++
++++++++
# Generate a DSA key pair.
[SwitchB] public-key local create dsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++
# Enable the SSH server function.
[SwitchB] ssh server enable
# Configure an IP address for VLAN-interface 2. The SSH client uses this address as the destination address for SSH connection.
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] ip address 192.168.1.40 255.255.255.0
[SwitchB-Vlan-interface2] quit
# Set the authentication mode to AAA for the user interfaces.
[SwitchB] user-interface vty 0 15
[SwitchB-ui-vty0-15] authentication-mode scheme
# Enable the user interface to support SSH.
[SwitchB-ui-vty0-15] protocol inbound ssh
# Set the user command privilege level to 3.
[SwitchB-ui-vty0-15] user privilege level 3
[SwitchB-ui-vty0-15] quit
# Import the peer public key from the file key.pub, and name it SwitchKey.
[SwitchB] public-key peer SwitchKey import sshkey key.pub
# Specify the authentication method for user client002 as publickey, and assign the public key SwitchKey to the user.
[SwitchB] ssh user client002 service-type stelnet authentication-type publickey assign publickey SwitchKey
Establish a connection to the Stelnet server.
<SwitchA> ssh2 192.168.1.40
Username: client002
Trying 192.168.1.40 ...
Press CTRL+K to abort
Connected to 192.168.1.40 ...
The Server is not authenticated. Continue? [Y/N]:y
Do you want to save the server public key? [Y/N]:n
You can then log in to Switch B successfully.