DES-7200 Configuration Guide Chapter 3 SSH Terminal Service Configuration
Networking diagram for AAA authentication for SSH
3.6.2.2 Application Requirements
As shown above, to ensure the security of information exchange, PC serves as
SSH clients which will login the SSH Server of Switch using SSH protocol.
To better implement security management, SSH client adopts the AAA
authentication mode. Meanwhile, for stability consideration, two authentication
methods are configured in the AAA authentication method list: Radius server
authentication and local authentication. Radius server will always be selected
first, and the local authentication method will be selected later if no reply is
received from Radius server.
3.6.2.3 Configuration Tips
1. The route from SSH client to SSH server and the route from SSH server to
Radius client shall be reachable,
2. Complete SSH Server related configurations on Switch. The configuration
tips have been described in the previous example, and won't be further
introduced herein.
3. Complete AAA authentication related configurations on Switch. AAA
defines ID authentication and type by creating the method list, which is
then applied to the specific service or interface. Details are given in the
section of "Configuration Steps".
3.6.2.4 Configuration Steps
The route from SSH client to SSH server and the route from SSH client to
Radius server shall be reachable. Route related configurations won't be further
introduced. Please refer to the section of route configuration in this manual.
Configure relevant SSH features on Switch
Step 1: Enable SSH Server
DES-7200(config)# enable service ssh-server
Step 2: Generate the key
! Generate RSA key
DES-7200(config)#crypto key generate rsa
% You already have RSA keys.
% Do you really want to replace them? [yes/no]:
Choose the size of the key modulus in the range of 360 to 2048 for your
Signature Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:
3-12