Configuring SSH Server in MSR Series Router

Secure Shell (SSH) offers an approach to log into a remote router securely. By providing encryption and strong authentication, it protects routers against attacks such as IP spoofing and plain text password interception. The router supports SSH, and you can log in to the router through SSH to remotely manage and maintain the router.

By default, the router is enabled with the SSH server and client functions.

  • On a router that serves as the SSH client, you can log in to an SSH server to perform operations on the server.
  •  On a router that serves as the SSH server, you can configure the authentication mode and user level for SSH users. By default, password authentication is adopted for SSH login, but no login password is configured. Therefore, you cannot log in to the router through SSH by default. Before you can log in to the router through SSH, you need to log in to the router through the console port and configure the authentication mode, user level, and common settings.

You have logged in to the router, and want to log in to the router through SSH in the future.

By default, you can log in to the router through the console port without authentication and have user privilege level 3 after login. For how to log in to the router with default configuration

Here is the Configuration Example

SSH Server

# Generate RSA and DSA key pairs and enable SSH server
<Router> system-view
[Router] public-key local create rsa
[Router] public-key local create dsa
[Router] ssh server enable

# Configure an IP address for interface Ethernet 1/1, which the SSH client will use as the destination for SSH connection.
[Router] interface ethernet 1/1
[Router-Ethernet1/1] ip address 192.168.1.40 255.255.255.0
[Router-Ethernet1/1] quit

# Set the authentication mode for the user interface to AAA.
[Router] user-interface vty 0 4
[Router-ui-vty0-4] authentication-mode scheme

# Enable the user interfaces to support SSH.
[Router-ui-vty0-4] protocol inbound ssh
[Router-ui-vty0-4] quit

#Create a local user named client001, and set the user command privilege level to 3.
[Router] local-user client001
[Router-luser-client001] password simple aabbcc
[Router-luser-client001] service-type ssh level 3
[Router-luser-client001] quit

#Specify the service type of user client001 as Stelnet, and the authentication method as password.
[Router] ssh user client001 service-type stelnet authentication-type password