Shulou(Shulou.com)06/01 Report--

The switch configures ssh password authentication login method

1. Background:

1. As the PC serial port does not support hot swapping, please do not insert or unplug the serial port into or out of the PC when the switch is charged. When connecting the PC and the switch, install the DB-9 terminal configured with the cable to the PC, and then connect the RJ-45 to the switch; when removing, unplug the RJ-45 terminal, and then unplug the DB- 9 terminal.

2. Restore the factory-set switch

Reset saved-configuration

3. Restart the device

Must be restarted to take effect

II. VLAN configuration

1. Delete vlan

In system mode: undo vlan ID number

2. Create vlan

[H3C] vlan 100

3. Add the port to the vlan

[H3C-vlan100] port GigabitEthernet 1-0-1 to GigabitEthernet 1-0-16

4. Create vlan200 and vlan300 in the same way

Add ports to the valn separately

[H3C-vlan200] port GigabitEthernet 1-0-17 to GigabitEthernet 1-0-32

[H3C-vlan300] port GigabitEthernet 1-0-33 to GigabitEthernet 1-0-44

Note: by default, all ports are in vlan1, and the remaining ports of this device are in vlan1.

5. Configure the management address for VLAN

[H3C] interface Vlan-interface 100

[H3C-Vlan-interface100] ip address 192.168.5.189 255.255.255.0

3. Enable ssh management

In system configuration mode:

View ssh status information:

[H3C] display ssh server status

If it's SSH server:Disable,

Then you need to open the ssh service.

[H3C] ssh server enable

4. Create ssh usage and grant permissions

Note: different users are established at different levels. Level3 is the highest privilege, and 0 is the lowest privilege.

1. When a user logs in to the switch using SSH, the switch authenticates the user with a password to log in.

Generate RSA and DSA key pairs

[H3C] public-key local create rsa

[H3C] public-key local create dsa

Note:

(1) although a client only uses one of the DSA and RSA public key algorithms to authenticate the server, because different clients support different public key algorithms, in order to ensure that the client can successfully log in to the server, it is recommended to generate DSA and RSA key pairs on the server.

(2) if the switch is created, it still exists after rebooting.

2. Set the authentication mode on the user interface to AAA, and let the user interface support SSH protocol.

[H3C] user-interface vty 0 4

[H3C-ui-vty0-4] authentication-mode scheme

Note:

If the supported protocol is SSH configured on this user interface, to ensure a successful login, be sure to configure the login user interface with authentication-mode scheme (with AAA authentication).

[H3C-ui-vty0-4] protocol inbound ssh

3. Create a user

In system configuration mode:

[H3C] local-user cdc_admin

4. Create a password

[H3C-luser-cdc_admin] password cipher password

5. Define the login protocol

[H3C-luser-cdc_admin] service-type ssh

6. Create a user level

[H3C-luser-cdc_admin] authorization-attribute level 3

7. Configure the service type of SSH user client001 to be Stelnet, and the authentication method is password authentication. (this step may not be configured)

[H3C] ssh user cdc_admin service-type stelnet authentication-type password

8. Backup configuration information

Backup configuration information to prevent loss after restart

Save

Fifth, the client verifies login information

1. Use SCRT to connect normally.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.