Hello everyone,
I'll share below the configuration steps you need to follow to log in to an S switch over SSH using RSA authentication.
This describes how to configure the client to log in to the server through STelnet. Hope it's useful to you :)
So the first steps would be to configure the S switch:
#1. We need to configure the VTY user interface on the SSH server:
[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound ssh
[SSH Server-ui-vty0-4] user privilege level 3
[SSH Server-ui-vty0-4] quit
#2. We need to create a local user on the server and configure the service type of the user.
[SSH Server] aaa
[SSH Server-aaa] local-user admin123 password irreversible-cipher Huawei@123
[SSH Server-aaa] local-user admin123 service-type ssh
[SSH Server-aaa] quit
#3. We need to create an SSH user on the server and configure the authentication mode for the user.
[SSH Server] ssh user admin123
[SSH Server] ssh user admin123 authentication-type rsa
Now we need to create a key pair and share the public key with the switch, while the private key stays on the client. We will use PuTTY to perform these steps:
#4. We use PuTTY to create an RSA key pair on the SSH client and copy the public key to the SSH server which is the S switch.
This is the interface of the PuTTY Key Generator:
We click Generate to generate a key pair. During this step you must keep moving the mouse, with the pointer inside the window but outside the green progress bar. Otherwise, the progress bar stops, and the key pair generation stops as well.
After the key pair is generated, we need to click Save private key, enter private1.ppk for the name of the private key file, and click Save. We can copy or save the generated public key to Notepad and name the file public1.pub.
#5. We need to save the public key on the S switch and assign the edited public key to the user.
[SSH Server] rsa peer-public-key rsa02 encoding-type openssh
[SSH Server-rsa-public-key] public-key-code begin
[SSH Server-rsa-public-key-rsa-key-code] ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAv8FeliSehpgTm0neE51DhvtOBeFjPpxrFhYllq5hvWUhjrWWtSM0CMDqRAkoVOXQzcR2AhUSCvgvWH8b8VTapD/bLK/DuM1TEqE70Yv6jImSHTv81MeJSqPkl9T1NhHlvYKMoeJqqa2GpD2lHmZfmJod89f5DxhHm/hzShooxB26em+g/u+tV+DZ2BOXTUcBQ8Oi7FqTbPzPIzG1zQdUqjbSW+DBGuM24CBxlDncXsFbkVneovA1xkz2y6Yux4KXbXzij5dKwqiPmqKKr5HeLPLqpx0IkWGnTKQR0sngiyUPAXcM5RpvHpp1UZiR+j0pBWc94mpBdSKsGRal+neksQ== rsa-key-20191105
[SSH Server-rsa-public-key-rsa-key-code] public-key-code end
[SSH Server-key-code] peer-public-key end
[SSH Server] ssh user admin123 assign rsa-key rsa02
#6. We also need to enable the STelnet function and set the user service type to STelnet.
[SSH Server] stelnet server enable
[SSH Server] ssh user admin123 service-type stelnet
#7. Finally, we can authenticate over SSH using the PuTTY.exe client.
We start PuTTY and fill in the IP address of the switch (the SSH server):
We select SSH under Connection from the left navigation tree on the SSH client configuration page. In the Protocol options area, set SSH protocol version to 2.
Then we select Auth under SSH. On the displayed page, click Browse and select the private key file private1.ppk.
If these are correct, we can click Open and the system prompts you to enter the user name. In this example, the user name is admin123.
Tips:
- the privilege of the users authenticated using RSA must be configured in the user-interface vty:
user-interface vty 0 4
authentication-mode aaa
user privilege level 3
protocol inbound all
- in the PuTTY Key Generator you can also configure a key passphrase, in which case you will have to enter that passphrase in addition to the user name 'admin123'
- if you configure the 'command-privilege level rearrange' command, the users will not have the privilege configured in the vty user-interface. After this command is used, the users at Level 2 to Level 9 are not allowed to run commands defaulted to Level 2, and users at Level 3 to Level 14 are not allowed to run commands defaulted to Level.
Wish you a great day and hope this helps you find your solution :)
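
Added example (not part of the original post): a Python check for the public key text before it is pasted between public-key-code begin and public-key-code end in step #5. It parses the one-line OpenSSH format, rejects wrapped or truncated pastes and short moduli, and returns a SHA-256 fingerprint; the function names, the 2048-bit minimum and the sample key are assumptions constructed for this example.

```python
import base64
import hashlib
import struct

def _read_field(blob, offset):
    """Read one length-prefixed field (RFC 4253 string or mpint)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

# min_bits=2048 is an assumption of this example, not a value from the post.
def check_openssh_rsa(line, min_bits=2048):
    """Validate a one-line key; return (modulus bits, exponent, fingerprint)."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not a one-line ssh-rsa public key")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("base64 body is damaged") from exc
    key_type, off = _read_field(blob, 0)
    exponent, off = _read_field(blob, off)
    modulus, off = _read_field(blob, off)
    if key_type != b"ssh-rsa" or off != len(blob):
        raise ValueError("blob is not a well-formed ssh-rsa key")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        raise ValueError(f"modulus is only {bits} bits")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return bits, int.from_bytes(exponent, "big"), fingerprint

def make_sample_line(bits=2048):
    """Constructed test input: well-formed encoding, NOT a real RSA modulus."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    modulus = b"\x00" + b"\xc3" * (bits // 8)  # leading 0x00 keeps mpint positive
    blob = field(b"ssh-rsa") + field(b"\x25") + field(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    print(check_openssh_rsa(make_sample_line()))
```

To check a real key, pass the contents of public1.pub to check_openssh_rsa() and keep the returned fingerprint with the peer key name (rsa02 in this post).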