3com 4210 PWR 9-Port 3CR17341-91-ME User Manual
Product codes
3CR17341-91-ME
SSH Configuration Examples
421
<4210> system-view
[4210] interface vlan-interface 1
[4210-Vlan-interface1] ip address 10.165.87.136 255.255.255.0
[4210-Vlan-interface1] quit
c
Generating the RSA and DSA key pairs on the server is prerequisite to SSH login.
# Generate RSA and DSA key pairs.
[4210] public-key local create rsa
[4210] public-key local create dsa
# Set AAA authentication on user interfaces.
[4210] user-interface vty 0 4
[4210-ui-vty0-4] authentication-mode scheme
# Configure the user interfaces to support SSH.
[4210-ui-vty0-4] protocol inbound ssh
# Set the user command privilege level to 3.
[4210-ui-vty0-4] user privilege level 3
[4210-ui-vty0-4] quit
# Specify the authentication type for user client001 as publickey.
[4210] ssh user client001 authentication-type publickey
n
Before performing the following steps, you must first generate a DSA key pair on
the client and save the public key in a file named Switch001, and then upload the
file to the SSH server through FTP or TFTP. For details, refer to the following
"Configure Switch A".
the client and save the public key in a file named Switch001, and then upload the
file to the SSH server through FTP or TFTP. For details, refer to the following
"Configure Switch A".
# Import the client’s public key file Switch001 and name the public key as
Switch001.
Switch001.
[4210] public-key peer Switch001 import sshkey Switch001
# Assign public key Switch001 to user client001
[4210] ssh user client001 assign publickey Switch001
# Export the generated DSA host public key to a file named Switch002.
[4210] public-key local export dsa ssh2 Switch002
n
When first-time authentication is not supported, you must first generate a DSA
public key on the server and save the key pair in a file named Switch002, and then
upload the file to the SSH client through FTP or TFTP.
public key on the server and save the key pair in a file named Switch002, and then
upload the file to the SSH client through FTP or TFTP.
■
Configure Switch A
# Create a VLAN interface on the switch and assign an IP address, which serves
as the SSH client’s address in an SSH connection.
as the SSH client’s address in an SSH connection.
<4210> system-view
[4210] interface vlan-interface 1
[4210-Vlan-interface1] ip address 10.165.87.137 255.255.255.0
[4210-Vlan-interface1] quit
# Generate a DSA key pair
[4210] public-key local create dsa
# Export the generated DSA host public key to a file named Switch001.
[4210] public-key local export dsa ssh2 Switch001