
connection to ssh server by stelnet and sftp

Today I would like to focus on SSH. I want to configure SSH connections between two switches, using both password and RSA authentication:

  • Connection between stelnet client and SSH server
  • Connection between SFTP client and SSH server

Let’s look at the simple SSH topology:

Ensure IP connectivity between the two switches, based on the topology above:

#
sysname SSH_client
#
vlan batch 100
#
interface Vlanif100
 ip address 10.0.0.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port hybrid tagged vlan 100
#
sysname SSH_server
#
vlan batch 100
#
interface Vlanif100
 ip address 10.0.0.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 port hybrid tagged vlan 100

Create a local key pair on the SSH_server:

[SSH_server]rsa local-key-pair create 
The key name will be: SSH_server_Host
The range of public key size is (512 ~ 2048). 
NOTES: If the key modulus is greater than 512, 
       it will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
....................++++++++++++
...........++++++++++++
.........++++++++
........................++++++++

Configure a VTY user-interface:

[SSH_server]user-interface vty 0 4
[SSH_server-ui-vty0-4]authentication-mode aaa	
[SSH_server-ui-vty0-4]protocol inbound ssh

Configure two local users:

[SSH_server]aaa
[SSH_server-aaa]local-user labnario_pass password simple labnario
Info: Add a new user.
[SSH_server-aaa]local-user labnario_pass service-type ssh
[SSH_server-aaa]local-user labnario_pass privilege level 15
[SSH_server-aaa]
[SSH_server-aaa]local-user labnario_rsa password cipher labnario
Info: Add a new user.
[SSH_server-aaa]local-user labnario_rsa service-type ssh
[SSH_server-aaa]local-user labnario_rsa privilege level 15

Create an SSH user named labnario_pass and configure the authentication mode as password for the user:

[SSH_server]ssh user labnario_pass authentication-type password
Info: Succeeded in adding a new SSH user.

Create an SSH user named labnario_rsa and configure the authentication mode as RSA for the user:

[SSH_server]ssh user labnario_rsa authentication-type rsa 
Info: Succeeded in adding a new SSH user.

Create a local key pair on the client:

[SSH_client]rsa local-key-pair create 
The key name will be: SSH_client_Host
The range of public key size is (512 ~ 2048). 
NOTES: If the key modulus is greater than 512, 
       it will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
...++++++++++++
.............++++++++++++
.........++++++++
...................++++++++

Send the RSA public key generated on the client to the server: display it on the client, then enter the key code on the server as a peer public key named labnario:

[SSH_client]display rsa local-key-pair public 

=====================================================
Time of Key pair created: 12:14:00  2013/3/4
Key name: SSH_client_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
  0240
    E3A7DD2A 41619DB8 87C393E6 37F8EC7F FE3CCC99
    648127E9 5CB55853 682B6769 6A1A29AC F14C4B6C
    BB42D341 FFACE436 72629F6D 83BA629D 820EB648
    FED5D523 
  0203
    010001
...

[SSH_server]rsa peer-public-key labnario 
Enter "RSA public key" view, return system view with "peer-public-key end".	
[SSH_server-rsa-public-key]public-key-code begin 
Enter "RSA key code" view, return last view with "public-key-code end".

[SSH_server-rsa-key-code]3047
[SSH_server-rsa-key-code]  0240
[SSH_server-rsa-key-code]    E3A7DD2A 41619DB8 87C393E6 37F8EC7F FE3CCC99
[SSH_server-rsa-key-code]    648127E9 5CB55853 682B6769 6A1A29AC F14C4B6C
[SSH_server-rsa-key-code]    BB42D341 FFACE436 72629F6D 83BA629D 820EB648
[SSH_server-rsa-key-code]    FED5D523 
[SSH_server-rsa-key-code]  0203
[SSH_server-rsa-key-code]    010001	
[SSH_server-rsa-key-code]public-key-code end
[SSH_server-rsa-public-key]peer-public-key end
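
The key code above is a DER structure: `3047` opens a SEQUENCE, `0240` a 64-byte (512-bit) modulus, and `0203 010001` the exponent 65537. As an added example (not part of the original post), this Python code decodes it, checks that the copy typed on the server matches the client's display, and flags a short modulus; the 2048-bit floor and all function names are assumptions.

```python
import re

# Key code exactly as displayed on the client in the post above.
CLIENT_DISPLAY = """3047
  0240
    E3A7DD2A 41619DB8 87C393E6 37F8EC7F FE3CCC99
    648127E9 5CB55853 682B6769 6A1A29AC F14C4B6C
    BB42D341 FFACE436 72629F6D 83BA629D 820EB648
    FED5D523
  0203
    010001"""
# The same lines as typed on the server, each behind the VRP prompt.
SERVER_PASTE = re.sub(r"^", "[SSH_server-rsa-key-code]", CLIENT_DISPLAY, flags=re.M)
MIN_BITS = 2048  # assumption: local policy floor (the prompt offers 512 to 2048)

def read_tlv(buf, pos, tag):
    """Read one DER tag-length-value at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#04x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    if pos + length > len(buf):
        raise ValueError("key code is truncated")
    return buf[pos:pos + length], pos + length

def parse_rsa_key_code(text):
    """Return (modulus, exponent) from SEQUENCE { INTEGER n, INTEGER e }."""
    buf = bytes.fromhex(re.sub(r"\[[^\]]*\]", "", text))  # drop [prompt] prefixes
    seq, end = read_tlv(buf, 0, 0x30)
    mod, pos = read_tlv(seq, 0, 0x02)
    exp, pos = read_tlv(seq, pos, 0x02)
    if end != len(buf) or pos != len(seq):
        raise ValueError("unexpected trailing bytes")
    # Read as unsigned: the page's modulus starts with E3 and has no 00 pad.
    return int.from_bytes(mod, "big"), int.from_bytes(exp, "big")

def audit(client_text, server_text):
    """Compare both copies of the key and check the modulus size."""
    n, e = parse_rsa_key_code(client_text)
    findings = []
    if parse_rsa_key_code(server_text) != (n, e):
        findings.append("server copy differs from client key")
    if n.bit_length() < MIN_BITS:
        findings.append(f"modulus is {n.bit_length()} bits, below {MIN_BITS}")
    return n.bit_length(), e, findings
```

Calling `audit(CLIENT_DISPLAY, SERVER_PASTE)` on the key from this post reports a 512-bit modulus, which is what accepting the `default = 512` prompt produces.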

Bind the RSA public key of the SSH_client to labnario_rsa on the SSH_server:

[SSH_server]ssh user labnario_rsa assign rsa-key labnario

Enable stelnet service on the SSH server:

[SSH_server]stelnet server enable
Info: Succeeded in starting the Stelnet server.

Set the service type of labnario_pass and labnario_rsa to stelnet:

[SSH_server]ssh user labnario_pass service-type stelnet
[SSH_server]ssh user labnario_rsa service-type stelnet

You must enable first-time authentication on the SSH_client for the first login, because the client has not yet saved the server's public key:

[SSH_client]ssh client first-time enable

Initiate stelnet connection from SSH_client to SSH_server using password:

[SSH_client]stelnet 10.0.0.2
Please input the username:labnario_pass
Trying 10.0.0.2 ...
Press CTRL+K to abort
Connected to 10.0.0.2 ...
The server is not authenticated. Continue to access it? [Y/N] :y
Save the server's public key? [Y/N] :y
The server's public key will be saved with the name 10.0.0.2. Please wait...

Enter password:
Info: The max number of VTY users is 5, and the number
      of current VTY users on line is 1.
      The current login time is 2013-03-04 12:22:52.
<SSH_server>

Initiate stelnet connection from SSH_client to SSH_server using RSA:

[SSH_client]stelnet 10.0.0.2
Please input the username:labnario_rsa
Trying 10.0.0.2 ...
Press CTRL+K to abort
Connected to 10.0.0.2 ...
Info: The max number of VTY users is 5, and the number
      of current VTY users on line is 1.
      The current login time is 2013-03-04 12:23:10.
<SSH_server>

To use SFTP to connect to SSH_server just add the following configuration to SSH_server:

[SSH_server-aaa]local-user labnario_pass service-type ftp ssh
[SSH_server-aaa]local-user labnario_rsa service-type ftp ssh
[SSH_server-aaa]local-user labnario_pass ftp-directory flash:
[SSH_server-aaa]local-user labnario_rsa ftp-directory flash:

[SSH_server]ssh user labnario_pass service-type all
[SSH_server]ssh user labnario_rsa service-type all

[SSH_server]sftp server enable
Info: Succeeded in starting the SFTP server.

Use SFTP on SSH_client to initiate SFTP connection to SSH_server:

[SSH_client]sftp 10.0.0.2
Please input the username:labnario_pass
Trying 10.0.0.2 ...
Press CTRL+K to abort
Connected to 10.0.0.2 ...
Enter password:
<sftp-client>dir
drwxrwxrwx   1 noone    nogroup         0 Mar 04 12:04 src
drwxrwxrwx   1 noone    nogroup         0 Mar 04 12:05 compatible
-rwxrwxrwx   1 noone    nogroup       890 Mar 04 12:23 vrpcfg.zip
<sftp-client>quit
Bye
[SSH_client]
[SSH_client]
[SSH_client]sftp 10.0.0.2
Please input the username:labnario_rsa
Trying 10.0.0.2 ...
Press CTRL+K to abort
Connected to 10.0.0.2 ...
<sftp-client>dir
drwxrwxrwx   1 noone    nogroup         0 Mar 04 12:04 src
drwxrwxrwx   1 noone    nogroup         0 Mar 04 12:05 compatible
-rwxrwxrwx   1 noone    nogroup       890 Mar 04 12:23 vrpcfg.zip
<sftp-client>quit
Bye
