Publickey authentication enabled Stelnet server configuration example

Network requirements

As shown in Figure 154, the router acts as the Stelnet server, and it uses publickey authentication and the RSA public key algorithm.

Establish an Stelnet connection between the host and the router, so you can log in to the router as a network administrator to configure and manage the router.

Figure 149: Network diagram

Configuration procedure

In the server configuration, the client's host public key is required. Use the client software to generate RSA key pairs on the client before configuring the Stelnet server.

There are different types of Stelnet client software, such as PuTTY and OpenSSH. This example uses an Stelnet client that runs PuTTY version 0.58.

The configuration procedure is as follows:

  1. Generate RSA key pairs on the Stelnet client:

    1. Run PuTTYGen.exe, select SSH-2 RSA and click Generate.

      Figure 150: Generating a key pair on the client

    2. Continue moving the mouse during the key generating process, but do not place the mouse over the green progress bar shown in Figure 156. Otherwise, the progress bar stops moving and the key pair generating process stops.

      Figure 151: Generating process

    3. After the key pair is generated, click Save public key to save the public key.

      A file saving window appears.

      Figure 152: Saving a key pair on the client

    4. Enter a file name (key.pub in this example), and click Save.

    5. On the page as shown in Figure 157, click Save private key to save the private key.

      A confirmation dialog box appears.

    6. Click Yes.

      A file saving window appears.

    7. Enter a file name (private.ppk in this example), and click Save.

    8. Transmit the public key file to the server through FTP or TFTP. (Details not shown.)

  2. Configure the Stelnet server:

    # Generate RSA key pairs.

    <Router> system-view
    [Router] public-key local create rsa
    The range of public key modulus is (512 ~ 2048).
    If the key modulus is greater than 512, it will take a few minutes.
    Press CTRL+C to abort.
    Input the modulus length [default = 1024]:
    Generating Keys...
    ........................++++++
    ...................++++++
    ..++++++++
    ............++++++++
    Create the key pair successfully.
    

    # Generate a DSA key pair.

    [Router] public-key local create dsa
    The range of public key modulus is (512 ~ 2048).
    If the key modulus is greater than 512, it will take a few minutes.
    Press CTRL+C to abort.
    Input the modulus length [default = 1024]:
    Generating Keys...
    .++++++++++++++++++++++++++++++++++++++++++++++++++*
    ........+......+.....+......................................+
    ...+.................+..........+...+
    Create the key pair successfully.
    

    # Generate an ECDSA key pair.

    [Router] public-key local create ecdsa secp256r1
    Generating Keys...
    .
    Create the key pair successfully.
    

    # Enable the Stelnet server.

    [Router] ssh server enable
    

    # Assign an IP address to interface GigabitEthernet 1/0/1. The Stelnet client uses this address as the destination for SSH connection.

    [Router] interface gigabitethernet 1/0/1
    [Router-GigabitEthernet1/0/1] ip address 192.168.1.40 255.255.255.0
    [Router-GigabitEthernet1/0/1] quit
    

    # Set the authentication mode to AAA for the user lines.

    [Router] line vty 0 63
    [Router-line-vty0-63] authentication-mode scheme
    [Router-line-vty0-63] quit
    

    # Import the peer public key from the public key file key.pub and name it clientkey.

    [Router] public-key peer clientkey import sshkey key.pub
    

    # Create an SSH user named client002. Specify the authentication method as publickey for the user, and assign the public key clientkey to the user.

    [Router] ssh user client002 service-type stelnet authentication-type publickey assign publickey clientkey
    

    # Create a local device management user named client002.

    [Router] local-user client002 class manage
    

    # Authorize local user client002 to use the SSH service.

    [Router-luser-manage-client002] service-type ssh
    

    # Assign the network-admin user role to user client002.

    [Router-luser-manage-client002] authorization-attribute user-role network-admin
    [Router-luser-manage-client002] quit
    
  3. Specify the private key file and establish a connection to the Stelnet server:

    1. Launch PuTTY.exe on the Stelnet client to enter the interface shown in Figure 158.

    2. In the Host Name (or IP address) field, enter the IP address 192.168.1.40 of the Stelnet server.

      Figure 153: Specifying the host name (or IP address)

    3. Select Connection > SSH from the navigation tree.

      The window shown in Figure 159 appears.

    4. Specify the Preferred SSH protocol version as 2.

      Figure 154: Specifying the preferred SSH version

    5. Select Connection > SSH > Auth from the navigation tree.

      The window shown in Figure 160 appears.

    6. Click Browse to bring up the file selection window, navigate to the private key file (private.ppk in this example), and click OK.

      Figure 155: Specifying the private key file

    7. Click Open to connect to the server.

If the connection is established successfully, the system prompts you to enter the username. After you enter the username (client002), you can access the CLI of the server.
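The procedure copies key.pub to the router over FTP or TFTP and then binds it to a network-admin account with public-key peer clientkey import sshkey key.pub, so it is worth confirming that the file that arrived is the one PuTTYgen saved. The following Python script is an added example, not part of the original guide or of the vendor's tooling. It assumes key.pub is in the RFC 4716 (SSH2) format, and it reports the key type, the RSA modulus length, and the fingerprints to compare against the Key fingerprint field in PuTTYgen. The function names and the built-in sample key are constructed for illustration.

```python
import base64, hashlib, struct, sys
BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def parse_rfc4716(text):
    """Return the raw key blob from an RFC 4716 (SSH2) public key file."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key file")
    body, in_header = [], False
    for line in lines[1:-1]:
        # Headers ("Comment: ...") contain ':' and continue after a trailing '\'.
        if in_header or ":" in line:
            in_header = line.endswith("\\")
            continue
        body.append(line)
    return base64.b64decode("".join(body), validate=True)

def read_field(blob, off):
    """Read one length-prefixed SSH string/mpint; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def inspect_key(text):
    """Key type, RSA modulus bits and fingerprints of the wire-format blob."""
    blob = parse_rfc4716(text)
    ktype, off = read_field(blob, 0)
    info = {"type": ktype.decode("ascii"), "bits": None}
    if ktype == b"ssh-rsa":
        _e, off = read_field(blob, off)      # public exponent
        n, _ = read_field(blob, off)         # modulus
        info["bits"] = int.from_bytes(n, "big").bit_length()
    md5 = hashlib.md5(blob).hexdigest()
    info["md5"] = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    digest = hashlib.sha256(blob).digest()
    info["sha256"] = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return info

def constructed_sample(bits=2048):
    """Constructed demo file: n only has the right size, it is not a real modulus."""
    field = lambda b: struct.pack(">I", len(b)) + b
    n = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = field(b"ssh-rsa") + field((65537).to_bytes(3, "big")) + field(n)
    b64 = base64.b64encode(blob).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, 'Comment: "constructed-sample"', *rows, END])

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else constructed_sample()
    print(inspect_key(text))
```

Run it with the path to key.pub on the client before the transfer and again on a copy retrieved from the server; the fingerprints must be identical before the key is imported.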