H3C交换机SSH使用RSA公钥免密登录配置

1.使用puttygen.exe计算RSA

 2.保存公钥和私钥

公钥：pub.key   注意：公钥上传到交换机（FTP等方式）。

私钥:private.ppk

3.配置交换机

<Switch> system-view

[Switch] public-key local create rsa

The range of public key size is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

........................++++++

...................++++++

..++++++++

............++++++++

Create the key pair successfully.

# 生成DSA密钥对。

[Switch] public-key local create dsa

The range of public key size is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

.++++++++++++++++++++++++++++++++++++++++++++++++++*

........+......+.....+......................................+

...+.................+..........+...+.

Create the key pair successfully.

# 生成ECDSA密钥对。

[Switch] public-key local create ecdsa secp256r1

Generating Keys...

Create the key pair successfully. 

# 使能Stelnet服务器功能。

[Switch] ssh server enable

# 配置VLAN接口2的IP地址，客户端将通过该地址连接Stelnet服务器。

[Switch] interface vlan-interface 2

[Switch-Vlan-interface2] ip address 192.168.1.40 255.255.255.0

[Switch-Vlan-interface2] quit

# 设置Stelnet客户端登录用户线的认证方式为AAA认证。

[Switch] line vty 0 15

[Switch-line-vty0-15] authentication-mode scheme

[Switch-line-vty0-15] quit

# 从文件key.pub中导入远端的公钥，并命名为switchkey。

[Switch] public-key peer switchkey import sshkey pub.key

# 设置SSH用户admin的认证方式为publickey，并指定公钥为switchkey。

[Switch] ssh user admin service-type stelnet authentication-type publickey assign publickey switchkey

# 创建设备管理类本地用户admin，并设置服务类型为SSH，用户角色为network-admin。

[Switch] local-user admin class manage

[Switch-luser-manage-admin] service-type ssh

[Switch-luser-manage-admin] authorization-attribute user-role network-admin

[Switch-luser-manage-admin] quit

4.测试