Manualshelf

R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
141142143144145146147148149150
142
Figure 61 Firewall acts as server for password authentication
Configuration procedure
1. Configure the SSH server
# Generate RSA and DSA key pairs and enable SSH server.
<Firewall> system-view
[Firewall] public-key local create rsa
[Firewall] public-key local create dsa
[Firewall] ssh server enable
# Configure an IP address for interface GigabitEthernet 0/0, which the SSH client will use as the
destination for SSH connection.
[Firewall] interface gigabitethernet 0/0
[Firewall-GigabitEthernet0/0] ip address 192.168.1.40 255.255.255.0
[Firewall-GigabitEthernet0/0] quit
# Set the authentication mode for the user interfaces to AAA.
[Firewall] user-interface vty 0 4
[Firewall-ui-vty0-4] authentication-mode scheme
# Enable the user interfaces to support SSH.
[Firewall-ui-vty0-4] protocol inbound ssh
[Firewall-ui-vty0-4] quit
# Create local user client001, and set the user command privilege level to 3.
[Firewall] local-user client001
[Firewall-luser-client001] password simple aabbcc
[Firewall-luser-client001] service-type ssh
[Firewall-luser-client001] authorization-attribute level 3
[Firewall-luser-client001] quit
# Specify the service type for user client001 as Stelnet, and the authentication mode as password. This
step is optional.
[Firewall] ssh user client001 service-type stelnet authentication-type password
2. Configure the SSH client
NOTE:
There are a variety of SSH client software, such as PuTTY, and OpenSSH. The following is an example of
configuring SSH client using Putty Version 0.58.
# Establish a connection with the SSH server
Launch PuTTY.exe to enter the following interface. In the Host Name (or IP address) text box, enter the IP
address of the server.