R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
<FirewallB> system-view
[FirewallB] public-key local create rsa
[FirewallB] public-key local create dsa
[FirewallB] ssh server enable
# Enable the SFTP server.
[FirewallB] sftp server enable
# Configure an IP address for interface GigabitEthernet 0/0, which the client will use as the destination
for the SSH connection.
[FirewallB] interface gigabitethernet 0/0
[FirewallB-GigabitEthernet0/0] ip address 192.168.0.1 255.255.255.0
[FirewallB-GigabitEthernet0/0] quit
# Set the authentication mode of the user interfaces to AAA. (AAA adopts the default ISP domain system
and the default scheme local.)
[FirewallB] user-interface vty 0 4
[FirewallB-ui-vty0-4] authentication-mode scheme
# Enable the user interfaces to support SSH.
[FirewallB-ui-vty0-4] protocol inbound ssh
[FirewallB-ui-vty0-4] quit
NOTE:
Before performing the following tasks, you must use the client software to generate RSA key pairs on the
client, save the host public key in a file named pubkey, and then upload the file to the SSH server through
FTP or TFTP. For more information, see “Configure the client (Firewall A).”
# Import the peer public key from the file pubkey.
[FirewallB] public-key peer Firewall001 import sshkey pubkey
# For user client001, set the service type as SFTP, authentication type as publickey, public key as
Firewall001, and working folder as cfa0:/.
[FirewallB] ssh user client001 service-type sftp authentication-type publickey assign publickey Firewall001 work-directory cfa0:/
2. Configure the client (Firewall A)
# Configure an IP address for interface GigabitEthernet 0/0.
<FirewallA> system-view
[FirewallA] interface gigabitethernet 0/0
[FirewallA-GigabitEthernet0/0] ip address 192.168.0.2 255.255.255.0
[FirewallA-GigabitEthernet0/0] quit
# Generate RSA key pairs.
[FirewallA] public-key local create rsa
# Export the host public key to file pubkey.
[FirewallA] public-key local export rsa ssh2 pubkey
[FirewallA] quit
NOTE:
After generating key pairs on the client, you must transmit the saved public key file to the server through
FTP or TFTP and have the configuration on the server done before continuing configuration of the client.
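The pubkey file travels over FTP or TFTP, neither of which protects its integrity, so it is worth confirming that the file imported on the server is the one the client exported. The following is an added example, not part of the original guide: it parses a public key file, reports the RSA modulus size and computes a SHA-256 fingerprint that can be compared on both sides of the transfer. It assumes the ssh2 export format is the RFC 4716 layout; all function names are hypothetical and the sample key is constructed, not a usable key.

```python
import base64
import hashlib

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def read_blob(text):
    """Extract the binary key blob from an RFC 4716 (SSH2) public key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 public key markers")
    b64, continued = [], False
    for ln in lines[1:-1]:
        if continued or ":" in ln:         # header line such as Comment: "..."
            continued = ln.endswith("\\")  # a header may wrap with a backslash
        else:
            b64.append(ln)
    return base64.b64decode("".join(b64), validate=True)

def fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        field = blob[pos + 4:pos + 4 + size]
        if len(blob) - pos < 4 or len(field) != size:
            raise ValueError("truncated key blob")
        out.append(field)
        pos += 4 + size
    return out

def inspect(text):
    """Return (RSA modulus bits, SHA-256 fingerprint) for a public key file."""
    blob = read_blob(text)
    parts = fields(blob)
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("expected an ssh-rsa key")
    bits = int.from_bytes(parts[2], "big").bit_length()
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return bits, "SHA256:" + digest

def make_sample(modulus):
    """Build a CONSTRUCTED key file: arbitrary modulus, not a usable key."""
    def field(b): return len(b).to_bytes(4, "big") + b
    n = modulus.to_bytes(modulus.bit_length() // 8 + 1, "big")
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(n)
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f'{BEGIN}\nComment: "constructed-sample"\n{body}\n{END}\n'

SAMPLE = make_sample((1 << 2047) | 0xC0FFEE01)  # constructed 2048-bit sample
```

Compare the fingerprint of the file as exported with the fingerprint of the copy retrieved after the transfer; a mismatch means the key material changed in transit. Line-ending changes from an ASCII-mode transfer do not affect the result, because the fingerprint is computed over the decoded key blob.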