一、客户端端配置
1、客户端生成RSA证书
ssh-keygen -t rsa
2、将公钥转换成16进制字符串形式
ssh-keygen -f id_rsa.pub -e -m pem | grep -v '\-\-\-\-' | base64 -D | xxd -p
二、设备配置
1、将公钥导入设备,命名为rsa
rsa peer-public-key rsa
public-key-code begin
此处粘贴16进制公钥
public-key-code end
peer-public-key end
2、创建aaa用户rsa,密码12345678
aaa
local-user rsa password cipher 12345678 privilege level 15
local-user rsa service-type ssh
quit
3、添加ssh用户
ssh user rsa authentication-type rsa
ssh user rsa assign rsa-key rsa
ssh user rsa service-type all
4、启用SSH和SFTP
stelnet server enable
sftp server enable
<可选>关闭telnet
telnet server disable
5、接口下开启认证
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound ssh
quit