<device> system-view

[device] interface vlan-interface 1 [device-Vlan-interface1] ip address 10.165.87.136 255.255.255.0

[device-Vlan-interface1] quit

# Generate RSA and DSA key pairs.

[device] public-key local create rsa

[device] public-key local create dsa

# Set the authentication mode for the user interfaces to AAA.

[device] user-interface vty 0 4

[device-ui-vty0-4] authentication-mode scheme

# Enable the user interfaces to support SSH.

[device-ui-vty0-4] protocol inbound ssh

# Set the user command privilege level to 3.

[device-ui-vty0-4] user privilege level 3

[device-ui-vty0-4] quit

# Specify the authentication type of user client001 as publickey.

[device] ssh user client001 authentication-type publickey

Before doing the following steps, you must first generate a DSA public key pair on the client and save the key pair in a file named Switch001, and then upload the file to the SSH server through FTP or TFTP. For details, refer to “Configure Switch A”.

# Import the client public key pair named Switch001 from the file Switch001.

[device] public-key peer Switch001 import sshkey Switch001

# Assign the public key Switch001 to user client001.

[device] ssh user client001 assign rsa-key Switch001

zConfigure Switch A

#Create a VLAN interface on the device and assign an IP address, which serves as the SSH client’s address in an SSH connection.

<device> system-view

[device] interface vlan-interface 1 [device-Vlan-interface1] ip address 10.165.87.137 255.255.255.0

[device-Vlan-interface1] quit

# Generate a DSA key pair

[device] public-key local create dsa

# Export the generated DSA key pair to a file named Switch001.

[device] public-key local export dsa ssh2 Switch001

1-32

Page 529
Image 529
3Com WX3000 operation manual # Set the user command privilege level to, # Assign the public key Switch001 to user client001