R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101

<FirewallB> system-view
[FirewallB] public-key local create rsa
[FirewallB] public-key local create dsa
[FirewallB] ssh server enable
# Configure an IP address for interface GigabitEthernet 0/0, which the SSH client will use as the destination for SSH connection.
[FirewallB] interface gigabitethernet 0/0
[FirewallB-GigabitEthernet0/0] ip address 10.165.87.136 255.255.255.0
[FirewallB-GigabitEthernet0/0] quit
# Set the authentication mode for the user interfaces to AAA.
[FirewallB] user-interface vty 0 4
[FirewallB-ui-vty0-4] authentication-mode scheme
# Enable the user interfaces to support SSH.
[FirewallB-ui-vty0-4] protocol inbound ssh
[FirewallB-ui-vty0-4] quit
# Create local user client001.
[FirewallB] local-user client001
[FirewallB-luser-client001] password simple aabbcc
[FirewallB-luser-client001] service-type ssh
[FirewallB-luser-client001] authorization-attribute level 3
[FirewallB-luser-client001] quit
# Specify the service type for user client001 as Stelnet, and the authentication type as password. This step is optional.
[FirewallB] ssh user client001 service-type stelnet authentication-type password
2. Configure the SSH client
# Configure an IP address for interface GigabitEthernet 0/0.
<FirewallA> system-view
[FirewallA] interface gigabitethernet 0/0
[FirewallA-GigabitEthernet0/0] ip address 10.165.87.137 255.255.255.0
[FirewallA-GigabitEthernet0/0] quit
[FirewallA] quit
If the client supports first-time authentication, you can directly establish a connection from the client to the server.
# Establish an SSH connection to server 10.165.87.136.
<FirewallA> ssh2 10.165.87.136
Username: client001
Trying 10.165.87.136 ...
Press CTRL+K to abort
Connected to 10.165.87.136 ...
The Server is not authenticated. Continue? [Y/N]:y
Do you want to save the server public key? [Y/N]:n
Enter password:
After you enter the correct password, you can log in to Firewall B successfully.
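The "The Server is not authenticated" prompt above appears because the client holds no stored copy of the server's host public key. The following Python sketch is an added example, not part of the HP guide: it shows the check a stored key makes possible, comparing the fingerprint of the key a server presents with one recorded out of band. The key values, the pinned table and the address 10.165.87.200 are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed byte string, SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def rsa_host_key_blob(e: int, n: int) -> bytes:
    """Encode an RSA public key as an "ssh-rsa" blob (RFC 4253, section 6.6)."""
    def mpint(v: int) -> bytes:  # positive integers only; leading zero byte when the top bit is set
        return ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)


def key_type(blob: bytes) -> str:
    """Read the algorithm name from the first field of a host key blob."""
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def check_server(host: str, presented: bytes, pinned: dict) -> str:
    """Return "match", "mismatch", or "unknown" for a presented host key."""
    expected = pinned.get(host)
    if expected is None:
        return "unknown"  # no stored key: the first-time authentication case
    same = hmac.compare_digest(fingerprint_sha256(presented), expected)
    return "match" if same else "mismatch"


# Constructed values, not real keys: the moduli are arbitrary 2048-bit integers.
SERVER_KEY = rsa_host_key_blob(65537, (1 << 2047) + 0x1234567)
OTHER_KEY = rsa_host_key_blob(65537, (1 << 2047) + 0x7654321)
# Pin recorded out of band (assumption: for example, read on the server's console).
PINNED = {"10.165.87.136": fingerprint_sha256(SERVER_KEY)}

if __name__ == "__main__":
    for label, key in (("expected key", SERVER_KEY), ("different key", OTHER_KEY)):
        print(label, key_type(key), check_server("10.165.87.136", key, PINNED))
    print("unpinned host", check_server("10.165.87.200", SERVER_KEY, PINNED))
```

A "mismatch" result means the key presented for a known address differs from the recorded one, and the connection should be refused until the change is explained.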
If the client does not support first-time authentication, you must perform the following configurations.