Example: Configuring NETCONF over SSH with password authentication

Network configuration

As shown in Figure 145:

Figure 145: Network diagram

Procedure

# Generate RSA key pairs.

<Switch> system-view
[Switch] public-key local create rsa
The range of public key modulus is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
........................++++++
...................++++++
..++++++++
............++++++++
Create the key pair successfully.

# Generate a DSA key pair.

[Switch] public-key local create dsa
The range of public key modulus is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+
...+.................+..........+...+.
Create the key pair successfully.

# Generate an ECDSA key pair.

[Switch] public-key local create ecdsa secp256r1
Generating Keys...
.
Create the key pair successfully.

# Enable NETCONF over SSH.

[Switch] netconf ssh server enable

# Configure an IP address for VLAN-interface 2. The client uses this address as the destination for NETCONF-over-SSH connection.

[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.40 255.255.255.0
[Switch-Vlan-interface2] quit

# Set the authentication mode to AAA for user lines.

[Switch] line vty 0 63
[Switch-line-vty0-63] authentication-mode scheme
[Switch-line-vty0-63] quit

# Create a local device management user named client001.

[Switch] local-user client001 class manage

# Set the password to aabbcc in plain text for local user client001.

[Switch-luser-manage-client001] password simple aabbcc

# Authorize local user client001 to use the SSH service.

[Switch-luser-manage-client001] service-type ssh

# Assign the network-admin user role to local user client001.

[Switch-luser-manage-client001] authorization-attribute user-role network-admin
[Switch-luser-manage-client001] quit

# Create an SSH user named client001. Specify the service type as NETCONF and the authentication method as password for the user.

[Switch] ssh user client001 service-type netconf authentication-type password

Verifying the configuration

# Verify that you can perform NETCONF operations after logging in to the switch. (Details not shown.)