HP A 5120 Manual
1. Configure the SSH client

# Generate the RSA key pairs.

Run PuTTYGen.exe, select SSH-2 RSA and click Generate.

Figure 61 Generate a key pair on the client 1)

While the key pair is being generated, you must move the mouse continuously and keep the mouse off the green progress bar shown in Figure 62. Otherwise, the progress bar stops moving and the key pair generating process will be stopped.

Figure 62 Generate a key pair on the client 2)

After the key pair is generated, click Save public key and specify the file name as key.pub to save the public key.

Figure 63 Generate a key pair on the client 3)

Likewise, to save the private key, click Save private key. A warning window pops up, asking whether to save the private key without any protection. Click Yes and enter the name of the file for saving the key (private in this case).

Figure 64 Save a key pair on the client 4)

Then, transmit the public key file to the server through FTP or TFTP.

2. Configure the SSH server

# Generate the RSA key pairs.
<Switch> system-view
[Switch] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++
++++++++++++++
+++++
++++++++

# Generate a DSA key pair.
[Switch] public-key local create dsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++

# Enable the SSH server.
[Switch] ssh server enable

# Configure an IP address for VLAN-interface 1. This address will serve as the destination of the SSH connection.
[Switch] interface vlan-interface 1
[Switch-Vlan-interface1] ip address 192.168.1.40 255.255.255.0
[Switch-Vlan-interface1] quit

# Set the authentication mode for the user interfaces to AAA.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme

# Enable the user interfaces to support SSH.
[Switch-ui-vty0-4] protocol inbound ssh

# Set the user command privilege level to 3.
[Switch-ui-vty0-4] user privilege level 3
[Switch-ui-vty0-4] quit

# Import the client's public key from file key.pub and name it Switch001.
[Switch] public-key peer Switch001 import sshkey key.pub

# Specify the authentication method for user client002 as publickey, and assign the public key Switch001 to the user.
[Switch] ssh user client002 service-type stelnet authentication-type publickey assign publickey Switch001

3. Establish a connection between the SSH client and the SSH server

# Specify the private key file and establish a connection to the SSH server.

Launch PuTTY.exe to enter the following interface. In the Host Name or IP address text box, enter the IP address of the server, 192.168.1.40.

Figure 65 SSH client configuration interface 1)

Select Connection > SSH > Auth from the navigation tree. The following window appears. Click Browse… to bring up the file selection window, navigate to the private key file and click OK.

Figure 66 SSH client configuration interface 2)

Click Open to connect to the server. If the connection is normal, you will be prompted to enter the username. After entering the username client002, you can enter the configuration interface of the server.

SSH client configuration examples

When switch acts as client for password authentication

Network requirements

As shown in Figure 67, Switch A (the SSH client) must pass password authentication to log in to Switch B (the SSH server) through the SSH protocol. Configure the username client001 and the password aabbcc for the SSH client on Switch B.

Figure 67 Switch acts as client for password authentication
(SSH client: Switch A, Vlan-int1 10.165.87.137/24; SSH server: Switch B, Vlan-int1 10.165.87.136/24)

Configuration procedure

1. Configure the SSH server

# Generate the RSA key pairs.
<SwitchB> system-view
[SwitchB] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++
++++++++++++++
+++++
++++++++

# Generate a DSA key pair.
[SwitchB] public-key local create dsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++

# Enable the SSH server.
[SwitchB] ssh server enable

# Configure an IP address for VLAN-interface 1, which the SSH client will use as the destination for SSH connection.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ip address 10.165.87.136 255.255.255.0
[SwitchB-Vlan-interface1] quit

# Set the authentication mode for the user interfaces to AAA.
[SwitchB] user-interface vty 0 4
[SwitchB-ui-vty0-4] authentication-mode scheme

# Enable the user interfaces to support SSH.
[SwitchB-ui-vty0-4] protocol inbound ssh
[SwitchB-ui-vty0-4] quit

# Create local user client001.
[SwitchB] local-user client001
[SwitchB-luser-client001] password simple aabbcc
[SwitchB-luser-client001] service-type ssh
[SwitchB-luser-client001] authorization-attribute level 3
[SwitchB-luser-client001] quit

# Specify the service type for user client001 as stelnet, and the authentication method as password. This step is optional.
[SwitchB] ssh user client001 service-type stelnet authentication-type password

2. Establish a connection between the SSH client and the SSH server

# Configure an IP address for VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ip address 10.165.87.137 255.255.255.0
[SwitchA-Vlan-interface1] quit
[SwitchA] quit

If the client supports first-time authentication, the client directly establishes a connection with the server.

# Establish an SSH connection to server 10.165.87.136.
<SwitchA> ssh2 10.165.87.136
Username: client001
Trying 10.165.87.136 ...
Press CTRL+K to abort
Connected to 10.165.87.136 ...
The Server is not authenticated. Continue? [Y/N]:y
Do you want to save the server public key? [Y/N]:n
Enter password:

After you enter the correct password, the client logs in to Switch B successfully.

If the client does not support first-time authentication, perform the following configurations.

# Disable first-time authentication.
[SwitchA] undo ssh client first-time

# Configure the host public key of the SSH server. You can get the server host public key by using the display public-key local dsa public command on the server.
[SwitchA] public-key peer key1
[SwitchA-pkey-public-key] public-key-code begin
[SwitchA-pkey-key-code]308201B73082012C06072A8648CE3804013082011F02818100D757262C4584C44C211F18BD96E5F0
[SwitchA-pkey-key-code]61C4F0A423F7FE6B6B85B34CEF72CE14A0D3A5222FE08CECE65BE6C265854889DC1EDBD13EC8B274
[SwitchA-pkey-key-code]DA9F75BA26CCB987723602787E922BA84421F22C3C89CB9B06FD60FE01941DDD77FE6B12893DA76E
[SwitchA-pkey-key-code]EBC1D128D97F0678D7722B5341C8506F358214B16A2FAC4B368950387811C7DA33021500C773218C
[SwitchA-pkey-key-code]737EC8EE993B4F2DED30F48EDACE915F0281810082269009E14EC474BAF2932E69D3B1F18517AD95
[SwitchA-pkey-key-code]94184CCDFCEAE96EC4D5EF93133E84B47093C52B20CD35D02492B3959EC6499625BC4FA5082E22C5
[SwitchA-pkey-key-code]B374E16DD00132CE71B020217091AC717B612391C76C1FB2E88317C1BD8171D41ECB83E210C03CC9
[SwitchA-pkey-key-code]B32E810561C21621C73D6DAAC028F4B1585DA7F42519718CC9B09EEF0381840002818000AF995917
[SwitchA-pkey-key-code]E1E570A3F6B1C2411948B3B4FFA256699B3BF871221CC9C5DF257523777D033BEE77FC378145F2AD
[SwitchA-pkey-key-code]D716D7DB9FCABB4ADBF6FB4FDB0CA25C761B308EF53009F7101F7C62621216D5A572C379A32AC290
[SwitchA-pkey-key-code]E55B394A217DA38B65B77F0185C8DB8095522D1EF044B465E8716261214A5A3B493E866991113B2D
[SwitchA-pkey-key-code]485348
[SwitchA-pkey-key-code] public-key-code end
[SwitchA-pkey-public-key] peer-public-key end

# Specify the host public key for the SSH server (10.165.87.136) as key1.
[SwitchA] ssh client authentication server 10.165.87.136 assign publickey key1
[SwitchA] quit

# Establish an SSH connection to server 10.165.87.136.
<SwitchA> ssh2 10.165.87.136
Username: client001
Trying 10.165.87.136
Press CTRL+K to abort
Connected to 10.165.87.136...
Enter password:

After you enter the correct password, the client logs in to Switch B successfully.

When switch acts as client for publickey authentication

Network requirements

As shown in Figure 68, Switch A (the SSH client) must pass publickey authentication to log in to Switch B (the SSH server) through the SSH protocol. Use the DSA public key algorithm.

Figure 68 Switch acts as client for publickey authentication
(SSH client: Switch A, Vlan-int1 10.165.87.137/24; SSH server: Switch B, Vlan-int1 10.165.87.136/24)

Configuration procedure

NOTE: During SSH server configuration, the client public key is required. Use the client software to generate a DSA key pair on the client before configuring the SSH server.

1. Configure the SSH client

# Create VLAN-interface 1 and assign an IP address to it.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ip address 10.165.87.137 255.255.255.0
[SwitchA-Vlan-interface1] quit

# Generate a DSA key pair.
[SwitchA] public-key local create dsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++

# Export the DSA public key to file key.pub.
[SwitchA] public-key local export dsa ssh2 key.pub
[SwitchA] quit

Then, transmit the public key file to the server through FTP or TFTP.

2. Configure the SSH server

# Generate the RSA key pairs.
<SwitchB> system-view
[SwitchB] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++
++++++++++++++
+++++
++++++++

# Generate a DSA key pair.
[SwitchB] public-key local create dsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++

# Enable the SSH server.
[SwitchB] ssh server enable

# Configure an IP address for VLAN-interface 1, which the SSH client will use as the destination for SSH connection.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ip address 10.165.87.136 255.255.255.0
[SwitchB-Vlan-interface1] quit

# Set the authentication mode for the user interfaces to AAA.
[SwitchB] user-interface vty 0 4
[SwitchB-ui-vty0-4] authentication-mode scheme

# Enable the user interfaces to support SSH.
[SwitchB-ui-vty0-4] protocol inbound ssh

# Set the user command privilege level to 3.
[SwitchB-ui-vty0-4] user privilege level 3
[SwitchB-ui-vty0-4] quit

# Import the peer public key from the file key.pub.
[SwitchB] public-key peer Switch001 import sshkey key.pub

# Specify the authentication method for user client002 as publickey, and assign the public key Switch001 to the user.
[SwitchB] ssh user client002 service-type stelnet authentication-type publickey assign publickey Switch001

3. Establish a connection between the SSH client and the SSH server

# Establish an SSH connection to the server, 10.165.87.136.
<SwitchA> ssh2 10.165.87.136
Username: client002
Trying 10.165.87.136 ...
Press CTRL+K to abort
Connected to 10.165.87.136 ...
The Server is not authenticated. Continue? [Y/N]:y
Do you want to save the server public key? [Y/N]:n

Later, you will find that you have logged in to Switch B successfully.
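
A check over a saved configuration for the settings the examples above depend on, as an added example that is not part of the HP manual. The function names, the finding texts and the sample configuration are constructed, and the last check assumes first-time authentication stays on unless undo ssh client first-time is present.

```python
# Constructed sample laid out like a saved Comware configuration (assumption).
SAMPLE_CONFIG = """\
#
local-user client001
 password simple aabbcc
#
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3
 protocol inbound ssh
#
 ssh server enable
 ssh client authentication server 10.165.87.136 assign publickey key1
"""
VTY_REQUIRED = {"authentication-mode scheme": "logins do not go through AAA",
                "protocol inbound ssh": "lines not restricted to SSH"}

def sections(config):
    """Return [(header, [sub-commands])]; '#' lines separate sections."""
    blocks, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None
        elif raw.startswith(" ") and current is not None:
            current[1].append(line)          # sub-command of the open section
        else:
            blocks.append((line, []))
            # Indented global commands (" ssh server enable") open no section.
            current = None if raw.startswith(" ") else blocks[-1]
    return blocks

def audit(config):
    """Return (where, finding) pairs for settings worth a second look."""
    blocks, found = sections(config), []
    top = [header for header, _ in blocks]
    for header, body in blocks:
        if header.startswith("local-user ") and any(
                cmd.startswith("password simple ") for cmd in body):
            found.append((header, "password stored in clear text"))
        if header.startswith("user-interface vty"):
            found += [(header, why) for cmd, why in VTY_REQUIRED.items()
                      if cmd not in body]
            if "user privilege level 3" in body:
                found.append((header, "all sessions get command level 3"))
    if (any(h.startswith("ssh client authentication server ") for h in top)
            and "undo ssh client first-time" not in top):
        found.append(("ssh client", "first-time authentication still enabled"))
    return found
```

Calling audit(SAMPLE_CONFIG) reports the clear-text password, the level 3 VTY lines and the pinned server key left alongside first-time authentication.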