Problem Description

S5700 SSH Configuration

This function is common in S switches, such as S2700,S3700,S5700,S6700,S7700,S9300,S9700.

Solution

[Quidway]aaa //configure user information

[Quidway-aaa]local-user huawei password cipher huawei

[Quidway-aaa]local-user huawei service-type ssh telnet

[Quidway-aaa]local-user huawei privilege level 15

[Quidway-aaa]quit

[Quidway-aaa]local-user huawei privilege level 15

[Quidway]user-interface vty 0 4

[Quidway-ui-vty0-4]authentication-mode aaa

[Quidway-ui-vty0-4]protocol inbound all

[Quidway-ui-vty0-4]quit

[Quidway]rsa local-key-pair create //create public key for distribution to clients

The range of public key size is (512 ~ 2048).

[Quidway]ssh user huawei authentication-type password //Configure ssh authentication and services, very important.

[Quidway]ssh user huawei service-type stelnet

About SSH version:

The versions are mainly 1.3, 1.5, and 2.0.

When the switch is an SSH server, it supports both SSH 1.x and SSH 2 by default, and SSH 1.99 will be displayed after logging into the device, which is actually the v1 v2 compatibility mode.

[HUAWEI]  ssh server compatible-ssh1x enable (enabled by default)

If the protocol version number of the client is lower than 1.3 or higher than 2.0, the version negotiation fails and the connection is disconnected.

If the protocol version of the client is greater than or equal to 1.3 and less than 1.99, and if the system is configured to be compatible with the SSH1.X method, it enters the SSH1.5 SERVER module, and subsequently carries out the SSH1.x protocol process; otherwise, the version negotiation fails, and the connection with the client is disconnected.

If the client protocol version is 1.99 or 2.0, then enter the SSH2.0 SERVER module and follow up with the SSH2.0 protocol process.