Hello, Community!
This post talks about SSH design. Please check out the information displayed further down.
BACKGROUND INFORMATION
Conventional Telnet and FTP transfer data unencrypted. This is because Telnet/FTP sends the password in plain text and can be easily sniffed. The secure shell (SSH) feature, however, offers a security guarantee and powerful authentication to protect devices from attacks such as IP address spoofing and interception of plain text passwords.
Therefore, Huawei recommends that SSH must be enabled on the devices on the entire network for remote access.
LOCAL AUTHENTICATION CONFIGURATION STEPS
The local authentication configuration steps are as follows.
1. Create an asymmetric local key pair on the SSH server:
Switch | [Switch] rsa local-key-pair create [Switch] stelnet server enable |
2. Create the user and configure the authentication type and service type:
Switch | [Switch] ssh user <user name> [Switch] ssh user <user name> authentication-type password [Switch] ssh user <user name> service-type stelnet |
3. Configure the mode of authentication on the VTY interface:
Switch | [Switch] user-interface vty <first-ui-number> <last-ui-number> [Switch-ui-vty0-4] authentication-mode aaa [Switch-ui-vty0-4] protocol inbound ssh [Switch-ui-vty0-4] idle-timeout 5 0 [Switch-ui-vty0-4] quit |
This is all on SSH design. Hope you enjoyed reading this post!
