3com WX3000 User Manual

 

1-34 

[device-Vlan-interface1] quit 

# Generate RSA and DSA key pairs. 

[device] public-key local create rsa 

[device] public-key local create dsa 

# Set AAA authentication on user interfaces. 

[device] user-interface vty 0 4 

[device-ui-vty0-4] authentication-mode scheme 

# Configure the user interfaces to support SSH. 

[device-ui-vty0-4] protocol inbound ssh 

# Set the user command privilege level to 3. 

[device-ui-vty0-4] user privilege level 3 

[device-ui-vty0-4] quit 

# Specify the authentication type for user client001 as publickey. 

[device] ssh user client001 authentication-type publickey 

 

Before doing the following steps, you must first generate a DSA key pair on the client and save the key 

pair in a file named Switch001, and then upload the file to the SSH server through FTP or TFTP. For 

details, refer to the following “Configure Switch A”. 

 

# Import the client’s public key file Switch001 and name the public key as Switch001. 

[device] public-key peer Switch001 import sshkey Switch001 

# Assign public key Switch001 to user client001 

[device] ssh user client001 assign rsa-key Switch001 

# Export the generated DSA host public key pair to a file named Switch002. 

[device] public-key local export dsa ssh2 Switch002 

 

When first-time authentication is not supported, you must first generate a DSA key pair on the server 

and save the key pair in a file named Switch002, and then upload the file to the SSH client through FTP 

or TFTP. 

 

z 

Configure Switch A 

# Create a VLAN interface on the device and assign an IP address, which serves as the SSH client’s 

address in an SSH connection. 

<device> system-view 

[device] interface vlan-interface 1