Today I would like to focus on SSH on Huawei switches. The goal is to configure an SSH connection between two switches, using both password and RSA authentication, for two cases:
- a connection between a stelnet client and an SSH server
- a connection between an SFTP client and an SSH server.
Let’s look at the simple SSH topology:
Ensure IP connectivity between the two switches based on the topology above (both sides use VLAN 100 on GigabitEthernet0/0/1 and the 10.0.0.0/24 subnet). SSH_client:
#
sysname SSH_client
#
vlan batch 100
#
interface Vlanif100
ip address 10.0.0.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
#
SSH_server:
#
sysname SSH_server
#
vlan batch 100
#
interface Vlanif100
ip address 10.0.0.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 100
Create a local RSA key pair on the SSH_server. This is the server's host key, the key clients will use to authenticate the server. The default modulus of 512 bits is far too small for a host key today; enter 2048 at the prompt (generation takes a little longer, but it is the largest size the switch offers):
[SSH_server]rsa local-key-pair create
The key name will be: SSH_server_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
....................++++++++++++
...........++++++++++++
.........++++++++
........................++++++++
Configure the VTY user interfaces to use AAA authentication and to accept only SSH, so that Telnet is not available on them:
[SSH_server]user-interface vty 0 4
[SSH_server-ui-vty0-4]authentication-mode aaa
[SSH_server-ui-vty0-4]protocol inbound ssh
Enter AAA view and configure two local users. Note the difference between the two password commands: password simple stores the password in clear text in the configuration file, while password cipher stores it encrypted. Prefer cipher for both users; simple is shown here only because it is what was typed in the lab:
[SSH_server]aaa
[SSH_server-aaa]local-user labnario_pass password simple labnario
Info: Add a new user.
[SSH_server-aaa]local-user labnario_pass service-type ssh
[SSH_server-aaa]local-user labnario_pass privilege level 15
[SSH_server-aaa]
[SSH_server-aaa]local-user labnario_rsa password cipher labnario
Info: Add a new user.
[SSH_server-aaa]local-user labnario_rsa service-type ssh
[SSH_server-aaa]local-user labnario_rsa privilege level 15
[SSH_server-aaa]quit
Create an SSH user named labnario_pass and configure the authentication mode as password for the user:
[SSH_server]ssh user labnario_pass authentication-type password
Info: Succeeded in adding a new SSH user.
Create an SSH user named labnario_rsa and configure the authentication mode as RSA for the user:
[SSH_server]ssh user labnario_rsa authentication-type rsa
Info: Succeeded in adding a new SSH user.
Create a local key pair on the client in the same way (again, choose 2048 bits rather than the 512-bit default, because this key is what the labnario_rsa user authenticates with):
[SSH_client]rsa local-key-pair create
The key name will be: SSH_client_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
...++++++++++++
.............++++++++++++
.........++++++++
...................++++++++
Display the RSA public key generated on the client; its key code has to be copied into the server's configuration:
[SSH_client]display rsa local-key-pair public
=====================================================
Time of Key pair created: 12:14:00 2013/3/4
Key name: SSH_client_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
E3A7DD2A 41619DB8 87C393E6 37F8EC7F FE3CCC99
648127E9 5CB55853 682B6769 6A1A29AC F14C4B6C
BB42D341 FFACE436 72629F6D 83BA629D 820EB648
FED5D523
0203
010001
...
On the SSH_server, create a peer public key named labnario and paste the key code from the client exactly as displayed:
[SSH_server]rsa peer-public-key labnario
Enter "RSA public key" view, return system view with "peer-public-key end".
[SSH_server-rsa-public-key]public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[SSH_server-rsa-key-code]3047
[SSH_server-rsa-key-code] 0240
[SSH_server-rsa-key-code] E3A7DD2A 41619DB8 87C393E6 37F8EC7F FE3CCC99
[SSH_server-rsa-key-code] 648127E9 5CB55853 682B6769 6A1A29AC F14C4B6C
[SSH_server-rsa-key-code] BB42D341 FFACE436 72629F6D 83BA629D 820EB648
[SSH_server-rsa-key-code] FED5D523
[SSH_server-rsa-key-code] 0203
[SSH_server-rsa-key-code] 010001
[SSH_server-rsa-key-code]public-key-code end
[SSH_server-rsa-public-key]peer-public-key end
Bind the RSA public key of the SSH_client to labnario_rsa on the SSH_server:
[SSH_server]ssh user labnario_rsa assign rsa-key labnario
Enable stelnet service on the SSH server:
[SSH_server]stelnet server enable
Info: Succeeded in starting the Stelnet server.
Set the service type of labnario_pass and labnario_rsa to stelnet:
[SSH_server]ssh user labnario_pass service-type stelnet
[SSH_server]ssh user labnario_rsa service-type stelnet
First-time authentication must be enabled on the SSH_client for the initial login: the client does not yet know the server's host key, so it asks whether to trust and save it. Answer Y only after comparing the offered key with the output of display rsa local-key-pair public on SSH_server, because from then on the saved key is what the client uses to authenticate the server on every connection:
[SSH_client] ssh client first-time enable
Initiate stelnet connection from SSH_client to SSH_server using password:
[SSH_client]stelnet 10.0.0.2
Please input the username:labnario_pass
Trying 10.0.0.2 ...
Press CTRL+K to abort
Connected to 10.0.0.2 ...
The server is not authenticated. Continue to access it? [Y/N] :y
Save the server's public key? [Y/N] :y
The server's public key will be saved with the name 10.0.0.2. Please wait...
Enter password:
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 1.
The current login time is 2013-03-04 12:22:52.
<SSH_server>
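Two places above call for checking a key before trusting it: the key code pasted from SSH_client into the rsa peer-public-key view, and the server host key the client is asked to accept at first login. The following Python script is an added example, not code from the original post or from Huawei. It parses the key code exactly as display rsa local-key-pair public prints it (the dump is a PKCS#1 RSAPublicKey, a DER SEQUENCE holding the modulus and the exponent), reports the modulus size, rejects anything under an assumed 2048-bit policy, and computes the OpenSSH-style SHA256 fingerprint so the same key can be compared with what another SSH client reports. The key material is the client key from the page; MIN_RSA_BITS, assess_key and the other names are this example's own.

```python
import base64
import hashlib
import re
import struct

# RSA public key code exactly as "display rsa local-key-pair public" printed it
# on SSH_client in the original page (copied from the page, not constructed).
CLIENT_KEY_CODE = """
3047
0240
E3A7DD2A 41619DB8 87C393E6 37F8EC7F FE3CCC99
648127E9 5CB55853 682B6769 6A1A29AC F14C4B6C
BB42D341 FFACE436 72629F6D 83BA629D 820EB648
FED5D523
0203
010001
"""

# Assumed local policy for this example: anything below this modulus size is rejected.
MIN_RSA_BITS = 2048


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at buf[pos]; return (tag, value, next_pos).
    Handles the short and long length forms that occur in RSA public keys."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next (length & 0x7f) bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER element")
    return tag, value, pos + length


def parse_vrp_rsa_key(key_code):
    """Turn the VRP hex dump into (modulus, exponent).
    The dump is a PKCS#1 RSAPublicKey: SEQUENCE { INTEGER n, INTEGER e }.
    The page's dump omits the leading 0x00 byte that strict DER requires in front
    of a modulus whose top bit is set, so both INTEGERs are read as unsigned."""
    raw = bytes.fromhex(re.sub(r"\s+", "", key_code))
    tag, body, end = _read_tlv(raw, 0)
    if tag != 0x30 or end != len(raw):
        raise ValueError("expected a single top-level SEQUENCE")
    tag_n, n_bytes, pos = _read_tlv(body, 0)
    tag_e, e_bytes, pos = _read_tlv(body, pos)
    if tag_n != 0x02 or tag_e != 0x02 or pos != len(body):
        raise ValueError("expected exactly two INTEGERs (n, e)")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(x):
    # SSH mpint: minimal big-endian bytes, with a leading 0x00 when the top bit is set
    return _ssh_string(x.to_bytes((x.bit_length() + 8) // 8, "big"))


def openssh_blob(n, e):
    """Encode (n, e) as an OpenSSH "ssh-rsa" public key blob (RFC 4253 wire format)."""
    return _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)


def sha256_fingerprint(n, e):
    """OpenSSH-style SHA256 fingerprint (unpadded base64) of the ssh-rsa blob,
    comparable with what ssh or ssh-keygen -l print for the same key."""
    digest = hashlib.sha256(openssh_blob(n, e)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def assess_key(key_code, min_bits=MIN_RSA_BITS):
    """Parse a VRP key dump and report size, exponent, fingerprint and policy verdict."""
    n, e = parse_vrp_rsa_key(key_code)
    bits = n.bit_length()
    problems = []
    if bits < min_bits:
        problems.append(f"modulus is {bits} bits, below {min_bits}")
    if e != 65537:
        problems.append(f"unusual public exponent {e}")
    if n % 2 == 0:
        problems.append("modulus is even")
    return {
        "bits": bits,
        "exponent": e,
        "fingerprint": sha256_fingerprint(n, e),
        "openssh_line": "ssh-rsa " + base64.b64encode(openssh_blob(n, e)).decode(),
        "ok": not problems,
        "problems": problems,
    }


if __name__ == "__main__":
    for key, value in assess_key(CLIENT_KEY_CODE).items():
        print(f"{key}: {value}")
```

Run against the page's client key it reports a 512-bit modulus with exponent 65537 and flags the key as below policy. Pasting the server's own display rsa local-key-pair public output into the same script gives the host-key fingerprint, which is the value to compare with what an OpenSSH client shows (or ssh-keygen -l prints for the saved host key) before answering Y at "The server is not authenticated".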
Initiate stelnet connection from SSH_client to SSH_server using RSA:
[SSH_client]stelnet 10.0.0.2
Please input the username:labnario_rsa
Trying 10.0.0.2 ...
Press CTRL+K to abort
Connected to 10.0.0.2 ...
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 1.
The current login time is 2013-03-04 12:23:10.
<SSH_server>
To use SFTP as well, add the following on SSH_server: allow the two local users the FTP service type, give them an FTP directory, set the SSH users' service type to all and enable the SFTP server. The FTP directory here is the root of flash:, which exposes everything on the device including the saved configuration (vrpcfg.zip), so on a production device point it at a dedicated directory instead:
[SSH_server]aaa
[SSH_server-aaa]local-user labnario_pass service-type ftp ssh
[SSH_server-aaa]local-user labnario_rsa service-type ftp ssh
[SSH_server-aaa]local-user labnario_pass ftp-directory flash:
[SSH_server-aaa]local-user labnario_rsa ftp-directory flash:
[SSH_server-aaa]quit
[SSH_server]ssh user labnario_pass service-type all
[SSH_server]ssh user labnario_rsa service-type all
[SSH_server]sftp server enable
Info: Succeeded in starting the SFTP server.
Initiate an SFTP connection from SSH_client to SSH_server, first with password authentication and then with RSA:
[SSH_client]sftp 10.0.0.2
Please input the username:labnario_pass
Trying 10.0.0.2 ...
Press CTRL+K to abort
Connected to 10.0.0.2 ...
Enter password:
<sftp-client>dir
drwxrwxrwx 1 noone nogroup 0 Mar 04 12:04 src
drwxrwxrwx 1 noone nogroup 0 Mar 04 12:05 compatible
-rwxrwxrwx 1 noone nogroup 890 Mar 04 12:23 vrpcfg.zip
<sftp-client>quit
Bye
[SSH_client]
[SSH_client]sftp 10.0.0.2
Please input the username:labnario_rsa
Trying 10.0.0.2 ...
Press CTRL+K to abort
Connected to 10.0.0.2 ...
<sftp-client>dir
drwxrwxrwx 1 noone nogroup 0 Mar 04 12:04 src
drwxrwxrwx 1 noone nogroup 0 Mar 04 12:05 compatible
-rwxrwxrwx 1 noone nogroup 890 Mar 04 12:23 vrpcfg.zip
<sftp-client>quit
Bye