1-37Under the publickey authentication mode, either the RSA or DSA public key can be generated for theserver to authenticate the client. Here takes the RSA public key as an example.z Configure the SSH server# Create a VLAN interface on the switch and assign an IP address, which the SSH client will use as thedestination for SSH connection. system-view[Switch] interface vlan-interface 1[Switch-Vlan-interface1] ip address 192.168.0.1 255.255.255.0[Switch-Vlan-interface1] quitGenerating the RSA and DSA key pairs on the server is prerequisite to SSH login.# Generate RSA and DSA key pairs.[Switch] public-key local create rsa[Switch] public-key local create dsa# Set the authentication mode for the user interfaces to AAA.[Switch] user-interface vty 0 4[Switch-ui-vty0-4] authentication-mode scheme# Enable the user interfaces to support SSH.[Switch-ui-vty0-4] protocol inbound ssh# Set the client’s command privilege level to 3[Switch-ui-vty0-4] user privilege level 3[Switch-ui-vty0-4] quit# Configure the authentication type of the SSH client named client 001 as publickey.[Switch] ssh user client001 authentication-type publickeyBefore performing the following steps, you must generate an RSA public key pair (using the clientsoftware) on the client, save the key pair in a file named public, and then upload the file to the SSHserver through FTP or TFTP. For details, refer to the SSH client configuration part. .# Import the client’s public key named Switch001 from file public.[Switch] public-key peer Switch001 import sshkey public# Assign the public key Switch001 to client client001.[Switch] ssh user client001 assign publickey Switch001
