R0106-HP MSR Router Series Security Configuration Guide(V7)
348
# Establish an SSH connection to the server, and specify the host public key of the server.
<RouterA> ssh2 192.168.1.40 publickey key1
Username: client001
client001@192.168.1.40's password:
After you enter the correct password, you log in to Router B successfully.
{ If you do not configure the server's host public key on the client, when you access the server, the
system will prompt you to confirm whether to continue with the access. Select Yes to access the
server and download the server's host public key.
<RouterA> ssh2 192.168.1.40
Username: client001
The server is not authenticated. Continue? [Y/N]:y
Do you want to save the server public key? [Y/N]:y
client001@192.168.1.40's password:
After you enter the correct password, you can access Router B successfully. At the next
connection attempt, the client authenticates the server by using the saved server's host public
key on the client.
Publickey authentication enabled Stelnet client configuration
example
Network requirements
As shown in Figure 100:
• You can log in to Router B through the Stelnet client that runs on Router A.
• After login, you are assigned the user role network-admin for configuration management.
• Router B acts as the Stelnet server and uses publickey authentication and the DSA public key
algorithm.
Figure 100 Network diagram
Configuration procedure
In the server configuration, the client's host public key is required. Use the client software to generate a
DSA key pair on the client before configuring the Stelnet server.
1. Configure the Stelnet client:
# Assign an IP address to interface GigabitEthernet 2/1/1.
<RouterA> system-view
[RouterA] interface gigabitethernet 2/1/1
[RouterA-GigabitEthernet2/1/1] ip address 192.168.1.56 255.255.255.0
[RouterA-GigabitEthernet2/1/1] quit
# Generate a DSA key pair.
[RouterA] public-key local create dsa
The range of public key size is (512 ~ 2048).