Got it

[Knowledge sharing]Example for configuring the S switch device to login SSH through RSA key

331 0 4 0

Hello everyone,

I'll share below the configuration steps that you need to follow in order to be able to login SSH on S switch using RSA authentication.
This will describe how to configure the client to log in to the server through STelnet. Hope it's useful to you :)

So the first steps would be to configure the S switch:

 #1. We need to configure the VTY user interface on the SSH server:

[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound ssh
[SSH Server-ui-vty0-4] user privilege level 3
[SSH Server-ui-vty0-4] quit

#2. We need to create a local user on the server and configure the service type of the user.

[SSH Server] aaa
[SSH Server-aaa] local-user admin123 password irreversible-cipher Huawei@123
[SSH Server-aaa] local-user admin123 service-type ssh
[SSH Server-aaa] quit

#3. We need to create an SSH user on the server and configure the authentication mode for the user.

[SSH Server] ssh user admin123
[SSH Server] ssh user admin123 authentication-type rsa

Now, we need to create a public key and share the private key, we will use PuTTy to perform these steps:

#4. We use PuTTY to create an RSA key pair on the SSH client and copy the public key to the SSH server which is the S switch.
This is the interface of the PuTTY Key Generator:


We click Generate to generate a key pair. In this step is required to move the mouse continuously during the key pair generation and move the pointer in the window other than the process bar in green. Otherwise, the progress bar stops, and the key pair generation stops as well.

After the key pair is generated, we need to click Save private key, enter private1.ppk for the name of the private key file, and click Save. We can copy or save the generated public key to the Notepad and name it

#5. We need to save the public key  on the S switch and assigns the edited public key to the user.

[SSH Server] rsa peer-public-key rsa02 encoding-type openssh
[SSH Server-rsa-public-key] public-key-code begin
[SSH Server-rsa-public-key-rsa-key-code] ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAv8FeliSehpgTm0neE51DhvtOBeFjPpxrFhYllq5hvWUhjrWWtSM0CMDqRAkoVOXQzcR2AhUSCvgvWH8b8VTapD/bLK/DuM1TEqE70Yv6jImSHTv81MeJSqPkl9T1NhHlvYKMoeJqqa2GpD2lHmZfmJod89f5DxhHm/hzShooxB26em+g/u+tV+DZ2BOXTUcBQ8Oi7FqTbPzPIzG1zQdUqjbSW+DBGuM24CBxlDncXsFbkVneovA1xkz2y6Yux4KXbXzij5dKwqiPmqKKr5HeLPLqpx0IkWGnTKQR0sngiyUPAXcM5RpvHpp1UZiR+j0pBWc94mpBdSKsGRal+neksQ== rsa-key-20191105
[SSH Server-rsa-public-key-rsa-key-code] public-key-code end
[SSH Server-key-code] peer-public-key end
[SSH Server] ssh user admin123 assign rsa-key rsa02

#6. We also need to enable the STelnet function and set the user service type to STelnet.

[SSH Server] stelnet server enable
[SSH Server] ssh user admin123 service-type stelnet

#7. Finally we can authenticate using SSH using the client PuTTY.exe

We start PuTTY and fill the IP of the Switch server:

putty interface
We select SSH under Connection from the left navigation tree on the SSH client configuration page. In the Protocol options area, set SSH protocol version to 2.

Then we select Auth under SSH. On the displayed page, click Browse and input the private key file private1.ppk.


If these are correct, we can click Open and the system prompts you to enter the user name. In this example, the user name is admin123.



 - the privilege of the users authenticated using RSA must be configured in the user-interface vty :
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 3
 protocol inbound all

- in the PuTTY Generator you can also configure a key passphrase that requires you to input also a password along with the username 'admin123'

- if you configure 'command-privilege level rearrange' command, the users will not have the configured privilege in vty user-interface. After this command is used, the users at Level 2 to Level 9 are not allowed to run commands defaulted to Level 2, and users at Level 3 to Level 14 are not allowed to run commands defaulted to Level.

Wish you a great day and hope will help you finding your solution :)

  • x
  • convention:


You need to log in to comment to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits


Huawei Enterprise Support Community
Huawei Enterprise Support Community
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Please bind your phone number to obtain invitation bonus.