Example: Configuring the device as a Stelnet client (password authentication)

Network configuration

As shown in Figure 136:

Figure 136: Network diagram

Procedure

  1. Configure the Stelnet server:

    # Generate RSA key pairs.

    <SwitchB> system-view
    [SwitchB] public-key local create rsa
    The range of public key modulus is (512 ~ 2048).
    If the key modulus is greater than 512, it will take a few minutes.
    Press CTRL+C to abort.
    Input the modulus length [default = 1024]:
    Generating Keys...
    ........................++++++
    ...................++++++
    ..++++++++
    ............++++++++
    Create the key pair successfully.
    

    # Generate a DSA key pair.

    [SwitchB] public-key local create dsa
    The range of public key modulus is (512 ~ 2048).
    If the key modulus is greater than 512, it will take a few minutes.
    Press CTRL+C to abort.
    Input the modulus length [default = 1024]:
    Generating Keys...
    .++++++++++++++++++++++++++++++++++++++++++++++++++*
    ........+......+.....+......................................+
    ...+.................+..........+...+
    Create the key pair successfully.
    

    # Generate an ECDSA key pair.

    [SwitchB] public-key local create ecdsa secp256r1
    Generating Keys...
    .
    Create the key pair successfully.
    

    # Enable the Stelnet server.

    [SwitchB] ssh server enable
    

    # Assign an IP address to VLAN-interface 2. The Stelnet client uses this address as the destination address of the SSH connection.

    [SwitchB] interface vlan-interface 2
    [SwitchB-Vlan-interface2] ip address 192.168.1.40 255.255.255.0
    [SwitchB-Vlan-interface2] quit
    

    # Set the authentication mode to AAA for user lines.

    [SwitchB] line vty 0 63
    [SwitchB-line-vty0-63] authentication-mode scheme
    [SwitchB-line-vty0-63] quit
    

    # Create a local device management user named client001.

    [SwitchB] local-user client001 class manage
    

    # Set the password to aabbcc in plain text for local user client001.

    [SwitchB-luser-manage-client001] password simple aabbcc
    

    # Authorize local user client001 to use the SSH service.

    [SwitchB-luser-manage-client001] service-type ssh
    

    # Assign the network-admin user role to local user client001.

    [SwitchB-luser-manage-client001] authorization-attribute user-role network-admin
    [SwitchB-luser-manage-client001] quit
    

    # Create an SSH user named client001. Specify the service type as stelnet and the authentication method as password for the user.

    [SwitchB] ssh user client001 service-type stelnet authentication-type password
    
  2. Establish a connection to the Stelnet server:

    # Assign an IP address to VLAN-interface 2.

    <SwitchA> system-view
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ip address 192.168.1.56 255.255.255.0
    [SwitchA-Vlan-interface2] quit
    [SwitchA] quit
    

    Before establishing a connection to the server, you can configure the server's host public key on the client to authenticate the server.

    • To configure the server's host public key on the client, perform the following tasks:

      # Use the display public-key local dsa public command on the server to display the server's host public key. (Details not shown.)

      # Enter public key view of the client and copy the host public key of the server to the client.

      [SwitchA] public-key peer key1
      Enter public key view. Return to system view with "peer-public-key end" command.
      [SwitchA-pkey-public-key-key1]308201B73082012C06072A8648CE3804013082011F0281810
      0D757262C4584C44C211F18BD96E5F0
      [SwitchA-pkey-public-key-key1]61C4F0A423F7FE6B6B85B34CEF72CE14A0D3A5222FE08CECE
      65BE6C265854889DC1EDBD13EC8B274
      [SwitchA-pkey-public-key-key1]DA9F75BA26CCB987723602787E922BA84421F22C3C89CB9B0
      6FD60FE01941DDD77FE6B12893DA76E
      [SwitchA-pkey-public-key-key1]EBC1D128D97F0678D7722B5341C8506F358214B16A2FAC4B3
      68950387811C7DA33021500C773218C
      [SwitchA-pkey-public-key-key1]737EC8EE993B4F2DED30F48EDACE915F0281810082269009E
      14EC474BAF2932E69D3B1F18517AD95
      [SwitchA-pkey-public-key-key1]94184CCDFCEAE96EC4D5EF93133E84B47093C52B20CD35D02
      492B3959EC6499625BC4FA5082E22C5
      [SwitchA-pkey-public-key-key1]B374E16DD00132CE71B020217091AC717B612391C76C1FB2E
      88317C1BD8171D41ECB83E210C03CC9
      [SwitchA-pkey-public-key-key1]B32E810561C21621C73D6DAAC028F4B1585DA7F42519718CC
      9B09EEF0381840002818000AF995917
      [SwitchA-pkey-public-key-key1]E1E570A3F6B1C2411948B3B4FFA256699B3BF871221CC9C5D
      F257523777D033BEE77FC378145F2AD
      [SwitchA-pkey-public-key-key1]D716D7DB9FCABB4ADBF6FB4FDB0CA25C761B308EF53009F71
      01F7C62621216D5A572C379A32AC290
      [SwitchA-pkey-public-key-key1]E55B394A217DA38B65B77F0185C8DB8095522D1EF044B465E
      8716261214A5A3B493E866991113B2D
      [SwitchA-pkey-public-key-key1]485348
      [SwitchA-pkey-public-key-key1] peer-public-key end
      [SwitchA] quit
      

      # Establish an SSH connection to the server, and specify the host public key of the server.

      <SwitchA> ssh2 192.168.1.40 public-key key1
      Username: client001
      Press CTRL+C to abort.
      Connecting to 192.168.1.40 port 22.
      client001@192.168.1.40's password:
      Enter a character ~ and a dot to abort.
      
      ******************************************************************************
      * Copyright (c) 2010-2017 Hewlett Packard Enterprise Development LP          *
      * Without the owner's prior written consent,                                 *
      * no decompiling or reverse-engineering shall be allowed.                    *
      ******************************************************************************
      
      <SwitchB>
      

      After you enter username client001 and password aabbcc, you can successfully log in to Switch B.

    • If the client does not have the server's host public key, enter username client001, and then enter y to access the server and download the server's host public key.

      <SwitchA> ssh2 192.168.1.40
      Username: client001
      Press CTRL+C to abort.
      Connecting to 192.168.1.40 port 22.
      The server is not authenticated. Continue? [Y/N]:y
      Do you want to save the server public key? [Y/N]:y
      client001@192.168.1.40's password:
      Enter a character ~ and a dot to abort.
      
      ******************************************************************************
      * Copyright (c) 2010-2017 Hewlett Packard Enterprise Development LP          *
      * Without the owner's prior written consent,                                 *
      * no decompiling or reverse-engineering shall be allowed.                    *
      ******************************************************************************
      
      <SwitchB>
      

After you enter password aabbcc, you can access Switch B successfully. At the next connection attempt, the client authenticates the server by using the server's host public key that was saved on the client.
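The two client behaviours shown above (a pre-configured server host key, and accepting then saving an unknown one) as an added Python example; this is not code from the HPE documentation or the Comware software. The host key bytes, the store and the `accept_unknown` prompt callback are constructed stand-ins, and the block also covers a case the procedure does not show: a saved key that no longer matches the presented one is refused rather than prompted for.

```python
import base64
import hashlib
import hmac
from enum import Enum

class Decision(Enum):
    CONNECT = "connect"    # presented key matches the key saved for this server
    ASK_USER = "ask_user"  # no saved key: the "server is not authenticated" prompt
    REFUSE = "refuse"      # a key is saved for this server but it differs

def fingerprint(key_bytes: bytes) -> str:
    """Short identifier for a host key: SHA-256 over the key bytes, base64 without padding."""
    digest = hashlib.sha256(key_bytes).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

class HostKeyStore:
    """Server host public keys saved on the client, keyed by server address
    (the role 'public-key peer key1' plays on Switch A)."""
    def __init__(self):
        self._keys = {}

    def verify(self, server: str, presented: bytes) -> Decision:
        saved = self._keys.get(server)
        if saved is None:
            return Decision.ASK_USER
        if hmac.compare_digest(saved, presented):
            return Decision.CONNECT
        return Decision.REFUSE

    def save(self, server: str, key: bytes) -> None:
        self._keys[server] = key

def connect(store: HostKeyStore, server: str, presented: bytes, accept_unknown) -> Decision:
    """Apply the client's host key policy. accept_unknown(fingerprint) stands in for
    the 'Continue? [Y/N]' prompt and is consulted only when no key is saved."""
    decision = store.verify(server, presented)
    if decision is Decision.ASK_USER:
        if accept_unknown(fingerprint(presented)):
            store.save(server, presented)  # 'Do you want to save the server public key?' y
            return Decision.CONNECT
        return Decision.REFUSE             # user declined: no connection, nothing saved
    return decision                        # CONNECT (pinned match) or REFUSE (mismatch)

# Constructed sample values (not real DSA keys, just stand-ins for the host key bytes).
SWITCHB_KEY = b"constructed-host-key-of-SwitchB"
OTHER_KEY = b"constructed-host-key-of-some-other-device"
SERVER = "192.168.1.40"

if __name__ == "__main__":
    store = HostKeyStore()
    print(connect(store, SERVER, SWITCHB_KEY, lambda fp: True))   # first contact, accepted and saved
    print(connect(store, SERVER, SWITCHB_KEY, lambda fp: False))  # saved key matches, no prompt
    print(connect(store, SERVER, OTHER_KEY, lambda fp: True))     # saved key differs: refused
```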