The results of the display rsa local-key-pair public command or the public key converted with the SSHKEY tool contain no information such as the authentication type, so they cannot be directly used as parameters in the public-key peer command. For the same reason, the results of the display public-key local rsa public command cannot be used directly in the rsa peer-public-key command.
SSH Configuration Examples
When Switch Acts as Server for Local Password Authentication
Network requirements
As shown in Figure 55-11, establish an SSH connection between the host (SSH Client) and the switch (SSH Server) for secure data exchange. The host runs SSH2.0 client software. Password authentication is required.
Network diagram
Figure 55-11 Switch acts as server for local password authentication
Configuration procedure
Configure the SSH server
# Create a VLAN interface on the switch and assign an IP address, which the SSH client will use as the destination for SSH connection.
<Switch> system-view
[Switch] interface vlan-interface 1
[Switch-Vlan-interface1] ip address 192.168.0.1 255.255.255.0
[Switch-Vlan-interface1] quit
Generating the RSA key pair on the server is a prerequisite to SSH login.
# Generate an RSA key pair.
[Switch] public-key local create rsa
# Set the authentication mode for the user interfaces to AAA.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
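A way to check the result of the user-interface step above against saved configuration text, as an added example that is not part of the original manual. The sample configuration is constructed, the function names are hypothetical, and the script assumes sub-commands are indented under an unindented user-interface header line.

```python
import re

# Constructed sample of saved switch configuration text (not from the manual).
SAMPLE_CONFIG = """\
interface Vlan-interface1
 ip address 192.168.0.1 255.255.255.0
#
user-interface aux 0
user-interface vty 0 2
 authentication-mode scheme
user-interface vty 3
 authentication-mode password
user-interface vty 4
#
"""

VTY_HEADER = re.compile(r"^user-interface vty (\d+)(?: (\d+))?\s*$")
AUTH_MODE = re.compile(r"^\s+authentication-mode (\S+)\s*$")


def vty_auth_modes(config_text):
    """Map each VTY index to its authentication-mode, or None if none is set."""
    modes = {}
    current = []  # VTY indices covered by the block being read
    for line in config_text.splitlines():
        header = VTY_HEADER.match(line)
        if header:
            first = int(header.group(1))
            last = int(header.group(2) or first)
            current = list(range(first, last + 1))
            for idx in current:
                modes.setdefault(idx, None)
            continue
        if line and not line[0].isspace():
            current = []  # any other unindented line ends the VTY block
            continue
        auth = AUTH_MODE.match(line)
        if auth:
            for idx in current:
                modes[idx] = auth.group(1)
    return modes


def vtys_not_using_scheme(config_text):
    """Return sorted VTY indices whose mode is anything other than 'scheme'."""
    return [i for i, m in sorted(vty_auth_modes(config_text).items()) if m != "scheme"]


if __name__ == "__main__":
    for idx in vtys_not_using_scheme(SAMPLE_CONFIG):
        print(f"vty {idx}: authentication-mode is not scheme")
```

A VTY line with no explicit authentication-mode is reported as well, because the procedure sets the mode explicitly on every line in the range 0 to 4.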