R21xx-HP FlexFabric 11900 Security Configuration Guide
104
[SwitchA] quit
Then, transmit the public key file key.pub to the server through FTP or TFTP. (Details not shown.)
2. Configure the Stelnet server:
# Generate the RSA key pairs.
<SwitchB> system-view
[SwitchB] public-key local create rsa
The range of public key size is (512 ~ 2048)
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
........................++++++
...................++++++
..++++++++
............++++++++
# Generate a DSA key pair.
[SwitchB] public-key local create dsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+
...+.................+..........+...+
# Enable SSH server function.
[SwitchB] ssh server enable
# Assign an IP address to VLAN-interface 2, which the Stelnet client will use as the destination
address of the SSH connection.
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] ip address 192.168.1.40 255.255.255.0
[SwitchB-Vlan-interface2] quit
# Set the authentication mode for the user interfaces to AAA.
[SwitchB] user-interface vty 0 15
[SwitchB-ui-vty0-15] authentication-mode scheme
[SwitchB-ui-vty0-15] quit
# Import the peer public key from the file key.pub, and name it switchkey.
[SwitchB] public-key peer switchkey import sshkey key.pub
# Create the SSH user client002 with the authentication method publickey, and assign the public
key switchkey to the user.
[SwitchB] ssh user client002 service-type stelnet authentication-type publickey
assign publickey switchkey
# Create a local device management user client002 with the service type ssh and the user role
network-admin.
[SwitchB] local-user client002 class manage
[SwitchB-luser-manage-client002] service-type ssh
[SwitchB-luser-manage-client002] authorization-attribute user-role network-admin