Password authentication enabled Stelnet client configuration example

Network requirements

As shown in Figure 111, establish an Stelnet connection between Switch A and Switch B so that you can log in to Switch B to configure and manage it.

Figure 110: Network diagram

Configuration procedure

  1. Configure the Stelnet server:

    # Generate RSA key pairs.

    <SwitchB> system-view
    [SwitchB] public-key local create rsa
    The range of public key modulus is (512 ~ 2048).
    If the key modulus is greater than 512, it will take a few minutes.
    Press CTRL+C to abort.
    Input the modulus length [default = 1024]:
    Generating Keys...
    ........................++++++
    ...................++++++
    ..++++++++
    ............++++++++
    Create the key pair successfully.
    

    # Generate a DSA key pair.

    [SwitchB] public-key local create dsa
    The range of public key modulus is (512 ~ 2048).
    If the key modulus is greater than 512, it will take a few minutes.
    Press CTRL+C to abort.
    Input the modulus length [default = 1024]:
    Generating Keys...
    .++++++++++++++++++++++++++++++++++++++++++++++++++*
    ........+......+.....+......................................+
    ...+.................+..........+...+
    Create the key pair successfully.
    

    # Generate an ECDSA key pair.

    [SwitchB] public-key local create ecdsa secp256r1
    Generating Keys...
    .
    Create the key pair successfully.
    

    # Enable the Stelnet server.

    [SwitchB] ssh server enable
    

    # Assign an IP address to VLAN-interface 2. The Stelnet client uses this address as the destination address of the SSH connection.

    [SwitchB] interface vlan-interface 2
    [SwitchB-Vlan-interface2] ip address 192.168.1.40 255.255.255.0
    [SwitchB-Vlan-interface2] quit
    

    # Set the authentication mode to AAA for user lines.

    [SwitchB] line vty 0 63
    [SwitchB-line-vty0-63] authentication-mode scheme
    [SwitchB-line-vty0-63] quit
    

    # Create a local device management user named client001.

    [SwitchB] local-user client001 class manage
    

    # Set the password to aabbcc in plain text for local user client001.

    [SwitchB-luser-manage-client001] password simple aabbcc
    

    # Authorize local user client001 to use the SSH service.

    [SwitchB-luser-manage-client001] service-type ssh
    

    # Assign the network-admin user role to local user client001.

    [SwitchB-luser-manage-client001] authorization-attribute user-role network-admin
    [SwitchB-luser-manage-client001] quit
    

    # Create an SSH user named client001. Specify the service type as stelnet and the authentication method as password for the user.

    [SwitchB] ssh user client001 service-type stelnet authentication-type password
    
  2. Establish a connection to the Stelnet server:

    # Assign an IP address to VLAN-interface 2.

    <SwitchA> system-view
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ip address 192.168.1.56 255.255.255.0
    [SwitchA-Vlan-interface2] quit
    [SwitchA] quit
    

    Before establishing a connection to the server, you can configure the server's host public key on the client to authenticate the server.

    • To configure the server's host public key on the client, perform the following tasks:

      # Use the display public-key local dsa public command on the server to display the server's host public key. (Details not shown.)

      # Enter public key view of the client and copy the host public key of the server to the client.

      [SwitchA] public-key peer key1
      Enter public key view. Return to system view with "peer-public-key end" command.
      [SwitchA-pkey-public-key-key1]308201B73082012C06072A8648CE3804013082011F0281810
      0D757262C4584C44C211F18BD96E5F0
      [SwitchA-pkey-public-key-key1]61C4F0A423F7FE6B6B85B34CEF72CE14A0D3A5222FE08CECE
      65BE6C265854889DC1EDBD13EC8B274
      [SwitchA-pkey-public-key-key1]DA9F75BA26CCB987723602787E922BA84421F22C3C89CB9B0
      6FD60FE01941DDD77FE6B12893DA76E
      [SwitchA-pkey-public-key-key1]EBC1D128D97F0678D7722B5341C8506F358214B16A2FAC4B3
      68950387811C7DA33021500C773218C
      [SwitchA-pkey-public-key-key1]737EC8EE993B4F2DED30F48EDACE915F0281810082269009E
      14EC474BAF2932E69D3B1F18517AD95
      [SwitchA-pkey-public-key-key1]94184CCDFCEAE96EC4D5EF93133E84B47093C52B20CD35D02
      492B3959EC6499625BC4FA5082E22C5
      [SwitchA-pkey-public-key-key1]B374E16DD00132CE71B020217091AC717B612391C76C1FB2E
      88317C1BD8171D41ECB83E210C03CC9
      [SwitchA-pkey-public-key-key1]B32E810561C21621C73D6DAAC028F4B1585DA7F42519718CC
      9B09EEF0381840002818000AF995917
      [SwitchA-pkey-public-key-key1]E1E570A3F6B1C2411948B3B4FFA256699B3BF871221CC9C5D
      F257523777D033BEE77FC378145F2AD
      [SwitchA-pkey-public-key-key1]D716D7DB9FCABB4ADBF6FB4FDB0CA25C761B308EF53009F71
      01F7C62621216D5A572C379A32AC290
      [SwitchA-pkey-public-key-key1]E55B394A217DA38B65B77F0185C8DB8095522D1EF044B465E
      8716261214A5A3B493E866991113B2D
      [SwitchA-pkey-public-key-key1]485348
      [SwitchA-pkey-public-key-key1] peer-public-key end
      [SwitchA] quit
      

      # Establish an SSH connection to the server, and specify the host public key of the server.

      <SwitchA> ssh2 192.168.1.40 public-key key1
      Username: client001
      Press CTRL+C to abort.
      Connecting to 192.168.1.40 port 22.
      client001@192.168.1.40's password:
      Enter a character ~ and a dot to abort.
      
      ******************************************************************************
      * Copyright (c) 2010-2015 Hewlett Packard Enterprise Development LP          *
      * Without the owner's prior written consent,                                 *
      * no decompiling or reverse-engineering shall be allowed.                    *
      ******************************************************************************
      
      <SwitchB>
      

      After you enter the correct password, you successfully log in to Switch B.

    • If the client does not have the server's host public key, the system prompts you to confirm whether to continue when you connect to the server. As the prompt indicates, the server is not authenticated on this first connection. Select Yes to access the server and download the server's host public key.

      <SwitchA> ssh2 192.168.1.40
      Username: client001
      Press CTRL+C to abort.
      Connecting to 192.168.1.40 port 22.
      The server is not authenticated. Continue? [Y/N]:y
      Do you want to save the server public key? [Y/N]:y
      client001@192.168.1.40's password:
      Enter a character ~ and a dot to abort.
      
      ******************************************************************************
      * Copyright (c) 2010-2015 Hewlett Packard Enterprise Development LP          *
      * Without the owner's prior written consent,                                 *
      * no decompiling or reverse-engineering shall be allowed.                    *
      ******************************************************************************
      
      <SwitchB>
      

      After you enter the correct password, you can access Switch B successfully. At the next connection attempt, the client authenticates the server by using the server's host public key that was saved on the client.
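
The check below is an added example, not part of the original configuration guide or the vendor's code. It strips the prompts and line wraps from a host public key pasted in public key view, confirms that the outer DER length header matches the number of bytes pasted (a dropped or duplicated line fails here), and produces a SHA-256 digest to compare with the same digest computed over the server's own output. The sample key is a constructed 18-byte stand-in, the function names are hypothetical, and the digest is a generic hash of the DER bytes, not a fingerprint format the switch displays.

```python
import hashlib
import re

# Constructed sample (not a real key): a tiny DER SEQUENCE carrying the DSA OID,
# as displayed on the server and as pasted, prompt-prefixed and wrapped, on the client.
SERVER_OUTPUT = "3010300906072A8648CE380401030300ABCD"
CLIENT_PASTE = """\
[SwitchA] public-key peer key1
[SwitchA-pkey-public-key-key1]3010300906072A8648CE
380401030300ABCD
[SwitchA-pkey-public-key-key1] peer-public-key end
"""
DSA_OID = bytes.fromhex("2A8648CE380401")  # 1.2.840.10040.4.1 (id-dsa)


def extract_key_bytes(text: str) -> bytes:
    """Drop CLI prompts and line wraps, keep only lines that are pure hex."""
    parts = []
    for line in text.splitlines():
        line = re.sub(r"^\s*\[[^\]]*\]", "", line).strip()
        if re.fullmatch(r"[0-9A-Fa-f]+", line):
            parts.append(line)
    return bytes.fromhex("".join(parts))  # raises ValueError on an odd digit count


def der_total_length(der: bytes) -> int:
    """Total encoded size declared by the outer DER SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                       # short form: length fits in one byte
        return 2 + der[1]
    n = der[1] & 0x7F                       # long form: next n bytes hold the length
    if not 1 <= n <= 4 or len(der) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_host_key(text: str) -> dict:
    """Validate a pasted key and return its size, a DSA hint and its SHA-256 digest."""
    der = extract_key_bytes(text)
    declared = der_total_length(der)
    if declared != len(der):
        raise ValueError(f"header declares {declared} bytes, paste has {len(der)}")
    return {"bytes": len(der), "dsa": DSA_OID in der[:32],
            "sha256": hashlib.sha256(der).hexdigest()}


if __name__ == "__main__":
    server, client = check_host_key(SERVER_OUTPUT), check_host_key(CLIENT_PASTE)
    print("match" if server["sha256"] == client["sha256"] else "MISMATCH", client)
```

Run it over the text captured on each switch; a mismatch or a length error means the key stored under key1 is not the key the server holds.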