Example: Configuring the device as an Stelnet server (publickey authentication)
Network configuration
As shown in Figure 129:
The switch acts as the Stelnet server, and it uses publickey authentication and the RSA public key algorithm.
The host acts as the Stelnet client, using Stelnet client software (SSH2). After the user on the host logs in to the switch through Stelnet, the user can configure and manage the switch as a network administrator.
Figure 129: Network diagram
Procedure
In the server configuration, the client's host public key is required. Use the client software to generate RSA key pairs on the client before configuring the Stelnet server.
There are different types of Stelnet client software, such as PuTTY and OpenSSH. This example uses an Stelnet client that runs PuTTY version 0.58.
The configuration procedure is as follows:
Generate RSA key pairs on the Stelnet client:
Run PuTTYGen.exe on the client, select SSH-2 RSA and click Generate.
Figure 130: Generating a key pair on the client
Continue moving the mouse during the key generation process, but do not place the pointer over the green progress bar shown in Figure 131. Otherwise, the progress bar stops moving and key pair generation stops.
Figure 131: Generating process
After the key pair is generated, click Save public key to save the public key.
A file saving window appears.
Figure 132: Saving a key pair on the client
Enter a file name (key.pub in this example), and click Save.
On the page shown in Figure 132, click Save private key to save the private key.
A confirmation dialog box appears.
Click Yes.
A file saving window appears.
Enter a file name (private.ppk in this example), and click Save.
Transmit the public key file to the server through FTP or TFTP. (Details not shown.)
Configure the Stelnet server:
# Generate RSA key pairs.
<Switch> system-view
[Switch] public-key local create rsa
The range of public key modulus is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
........................++++++
...................++++++
..++++++++
............++++++++
Create the key pair successfully.
# Generate a DSA key pair.
[Switch] public-key local create dsa
The range of public key modulus is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+
...+.................+..........+...+
Create the key pair successfully.
# Generate an ECDSA key pair.
[Switch] public-key local create ecdsa secp256r1
Generating Keys...
.
Create the key pair successfully.
# Enable the Stelnet server.
[Switch] ssh server enable
# Assign an IP address to VLAN-interface 2. The Stelnet client uses this IP address as the destination for SSH connection.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.40 255.255.255.0
[Switch-Vlan-interface2] quit
# Set the authentication mode to AAA for user lines.
[Switch] line vty 0 63
[Switch-line-vty0-63] authentication-mode scheme
[Switch-line-vty0-63] quit
# Import the client's public key from the public key file key.pub and name it switchkey.
[Switch] public-key peer switchkey import sshkey key.pub
# Create an SSH user named client002. Specify the authentication method as publickey for the user, and assign the public key switchkey to the user.
[Switch] ssh user client002 service-type stelnet authentication-type publickey assign publickey switchkey
# Create a local device management user named client002.
[Switch] local-user client002 class manage
# Authorize local user client002 to use the SSH service.
[Switch-luser-manage-client002] service-type ssh
# Assign the network-admin user role to local user client002.
[Switch-luser-manage-client002] authorization-attribute user-role network-admin
[Switch-luser-manage-client002] quit
Specify the private key file and establish a connection to the Stelnet server:
Launch PuTTY.exe on the Stelnet client to enter the interface shown in Figure 133.
In the Host Name (or IP address) field, enter IP address 192.168.1.40 of the Stelnet server.
Figure 133: Specifying the host name (or IP address)
From the navigation tree, select Connection > SSH.
The window shown in Figure 134 appears.
Set Preferred SSH protocol version to 2.
Figure 134: Setting the preferred SSH version
From the navigation tree, select Connection > SSH > Auth.
The window shown in Figure 135 appears.
Click Browse… to open the file selection window, and then select the private key file (private.ppk in this example).
Click Open.
Figure 135: Specifying the private key file
Enter username client002 to log in to the Stelnet server.