1 generating public keys and keys on the client
Ssh-keygen
Always enter, the public and private key files are generated under the ~/.SSH directory
2 Converting a public key
Using commands
Ssh-keygen-f. SSH/ID_RSA.PUB-E-M PEM | Grep-v ' \-\-\-\-' | base64-d | Xxd-p
This is to convert the original OpenSSH public key to Ssh2.0 's public key, because it seems that the current Linux distribution default is OpenSSH, but Huawei only know ssh2.0, so ...
Save the generated public key (it will be displayed directly on the terminal)
The switches are configured as follows:
RSA Peer-public-key 1
Public-key-code begin
30820109
02820100
E58b4df3 8B1DCFBC 6f376c9c 5f73f18c 44af4bc7 631ce37c 2288c9f8 38d03c55
796974E8 52934544 42212a72 42e843db 00bae582 af18f671 3906d6a0 f0f5ad37
33228e2e 177606a6 36d48565 35f54d7b e9111fac 502eda4f 68e6eabf 4D0404DD
5e0ecde5 079f0745 0a9b53ff 35c90848 8942124C ca27d83e 8231535C c3d7d154
504d93f4 526b0574 3b4b73df 842ff1d5 0cbacd96 2a7be17a 9c4b7555 0ca5192e
b7fc7f69 650f9dc3 17a01b0c 20528ab8 3bcf1738 6fc74fe6 2abebb63 63258034
7DB8D1CB 1ce61117 fa9d6f8c 6b738d54 AC939196 e1520fcf c8a3684c 03640057
D4b54bb4 d747335b 747451a4 e86751ab cd31abf8 c28f2183 FDD7FEEC 69ee1d2b
0203
010001
Public-key-code End
Peer-public-key End
#
Aaa
Authentication-scheme Default
Authorization-scheme Default
Accounting-scheme Default
Domain default
Domain Default_admin
Local-user user1 password cipher%@%@_%485) =.31D,KBRL) mautf03%@%@
Local-user user1 service-type ssh
Local-user user2 password cipher%@% @D2x; 9a}=y~b1s) j-s8wmtj!; %@%@
Local-user User2 Privilege Level 15
Local-user user2 service-type SSH
Undo Local-user Admin
#
Stelnet Server Enable
SSH User User1
SSH User User1 authentication-type RSA
SSH User User1 assign Rsa-key 1
SSH user user1 Service-type stelnet
SSH user User2
SSH user user2 authentication-type password
SSH user User2 Service-type stelnet
SSH client First-time Enable
#
User-interface vty 0 4
Authentication-mode AAA
User Privilege Level 1
Protocol Inbound SSH
User-interface vty 16 20
#
After this configuration is complete, User1 has the view permission, the key authentication login (does not enter the password), User2 has the Administrator privilege, the password authentication. This is the Huawei 5700 switch, Sshkey permissions set in User-interface vty inside, and can not be set for a user (operating system does not have this function), so the best way is probably this.
This article is from the "8997458" blog, please be sure to keep this source http://9007458.blog.51cto.com/8997458/1606498
About Huawei Switch Configuration sshkey password-free login