HCDA-7: Configuring SSH Remote Management

Configure the SSH server:

  Because the SSH user authenticates with a password, a local RSA key pair must be generated on the SSH server:

  [R2]rsa local-key-pair create

  After the key pair has been created, use the display rsa local-key-pair public command to view the public-key part of the local key pair.

  The local RSA host key pair has now been generated.

  Set the user authentication mode to AAA:

  user-interface vty 0 4

  authentication-mode aaa

  Restrict the VTY user interfaces to the SSH protocol only:

  protocol inbound ssh

Because Telnet remote login is insecure, I will now demonstrate SSH remote login.

  1. Enable the SSH (STelnet) service

  stelnet server enable

  2. Create the key pair used to encrypt the traffic

  rsa local-key-pair create

  3. Create the SSH user and set the password mode

  user-interface vty 0 4
  authentication-mode aaa

  quit

  Enter the aaa view:

  local-user user-ssh password cipher huawei123

  4. Define the SSH user's authentication type:

  ssh user user-ssh authentication-type all

  5. On the device that logs in (the SSH client), the first time SSH is used you need to run:

   ssh client first-time enable
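As an added illustration (not code from the original post), the following Python script audits a Huawei-VRP-style configuration for the settings this procedure establishes: the STelnet server enabled, AAA authentication and SSH-only inbound protocol on the VTY lines, and an authentication-type for every local user whose service-type includes ssh. Both sample configurations are constructed for the example and the parser understands only the handful of commands used above.

```python
import re

# Constructed samples in Huawei VRP command style, modelled on the steps above
# (not captures from the original post). WEAK_CONFIG still allows Telnet on the
# VTY lines with a shared line password and has no ssh user authentication-type.
WEAK_CONFIG = """
stelnet server enable
aaa
 local-user user-ssh password cipher huawei123
 local-user user-ssh service-type ssh
quit
user-interface vty 0 4
 authentication-mode password
 protocol inbound all
quit
"""

# The same device after the three fixes shown in the procedure.
HARDENED_CONFIG = (WEAK_CONFIG
    .replace("authentication-mode password", "authentication-mode aaa")
    .replace("protocol inbound all", "protocol inbound ssh")
    + "ssh user user-ssh authentication-type all\n")

def audit_ssh_config(config_text):
    ctx, vty, stelnet = None, {}, False
    ssh_users, typed_users = set(), set()  # service-type ssh / has authentication-type
    for line in (ln.strip() for ln in config_text.splitlines() if ln.strip()):
        if line in ("quit", "#"):
            ctx = None                      # back to system view
        elif line.startswith("user-interface vty"):
            ctx = "vty"
        elif line == "aaa":
            ctx = "aaa"
        elif line == "stelnet server enable":
            stelnet = True
        elif ctx == "vty" and line.startswith(("authentication-mode ", "protocol inbound ")):
            key, value = line.rsplit(" ", 1)
            vty[key] = value
        elif ctx == "aaa" and (m := re.match(r"local-user (\S+) service-type (.+)", line)):
            if "ssh" in m.group(2).split():
                ssh_users.add(m.group(1))
        elif m := re.match(r"ssh user (\S+) authentication-type", line):
            typed_users.add(m.group(1))
    findings = [msg for ok, msg in (
        (stelnet, "stelnet server enable is missing"),
        (vty.get("authentication-mode") == "aaa", "vty authentication-mode must be aaa"),
        (vty.get("protocol inbound") == "ssh", "vty protocol inbound must be ssh only"),
    ) if not ok]
    findings += [f"ssh user {u} has no authentication-type" for u in sorted(ssh_users - typed_users)]
    return findings
```

audit_ssh_config(WEAK_CONFIG) returns three findings, one per missing control, while the hardened configuration returns an empty list.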

The device is running!
####################
<Huawei>
Oct 22 2018 14:26:20-08:00 Huawei %%01IFPDT/4/IF_STATE(l)[0]:Interface GigabitEt
hernet0/0/0 has turned into UP state.
<Huawei>sys    
<Huawei>system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sys    
[Huawei]sysname R2
[R2]int    
[R2]interface G    
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip add    
[R2-GigabitEthernet0/0/0]ip address 12.1.1.2 24
Oct 22 2018 14:28:18-08:00 R2 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[R2-GigabitEthernet0/0/0]quit
[R2]disp    
[R2]display ip int    
[R2]display ip interface br    
[R2]display ip interface brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              12.1.1.2/24          up         up        
GigabitEthernet0/0/1              unassigned           down       down      
GigabitEthernet0/0/2              unassigned           down       down      
NULL0                             unassigned           up         up(s)     
[R2]
[R2]stel    
[R2]stelnet ?
  STRING<1-255>  IP address or host name of a remote system
  -a             Set the source IP address of SSH packets
  server         Set Stelnet server
[R2]stelnet ser    
[R2]stelnet server ?
  enable  Enable Stelnet server
[R2]stelnet server en    
[R2]stelnet server enable 
Info: Succeeded in starting the STELNET server.
[R2]rs    
[R2]rsa lo    
[R2]rsa local-key-pair ?
  create   Create new local public key pairs
  destroy  Destroy the local public key pairs
[R2]rsa local-key-pair cr    
[R2]rsa local-key-pair create 
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
.....++++++
..++++++
.....++++++++
........................++++++++

[R2]
[R2]aaa
[R2-aaa]loc    
[R2-aaa]local-user us    
[R2-aaa]local-user user-ssh pa    
[R2-aaa]local-user user-ssh password cip    
[R2-aaa]local-user user-ssh password cipher huawei123
Info: Add a new user.
[R2-aaa]loc    
[R2-aaa]local-user us    
[R2-aaa]local-user user-ssh pr    
[R2-aaa]local-user user-ssh privilege le    
[R2-aaa]local-user user-ssh privilege level 2
[R2-aaa]loc    
[R2-aaa]local-user us    
[R2-aaa]local-user user-ssh ser    
[R2-aaa]local-user user-ssh service-type s    
[R2-aaa]local-user user-ssh service-type ssh
[R2-aaa]quit
[R2]us    
[R2]user-int    
[R2]user-interface ?
  INTEGER<0,129-149>   The first user terminal interface to be configured
  console              Primary user terminal interface
  current              The current user terminal interface
  maximum-vty          The maximum number of VTY users, the default value is 5
  tty                  The asynchronous serial user terminal interface 
  vty                  The virtual user terminal interface 
[R2]user-interface vty    
[R2]user-interface vty 0 4
[R2-ui-vty0-4]pro    
[R2-ui-vty0-4]protocol inb    
[R2-ui-vty0-4]protocol inbound ss    
[R2-ui-vty0-4]protocol inbound ssh 
[R2-ui-vty0-4]quit    
[R2-ui-vty0-4]quit 
[R2]ssh us    
[R2]ssh user us    
[R2]ssh user user-ssh au    
[R2]ssh user user-ssh authentication-type a    
[R2]ssh user user-ssh authentication-type all 
 Authentication type setted, and will be in effect next time
[R2]
[R2]
[R2]ssh ?
  client  Set SSH client attribute
  server  Specify the server attribute
  user    SSH user
[R2]user-in    
[R2]user-interface vty    
[R2]user-interface vty 0 4
[R2-ui-vty0-4]au    
[R2-ui-vty0-4]authentication-mode aa    
[R2-ui-vty0-4]authentication-mode aaa 
[R2-ui-vty0-4]quit
[R2]
Oct 22 2018 14:45:20-08:00 R2 %%01SSH/4/SSH_FAIL(l)[2]:Failed to log in through 
SSH. (Ip=12.1.1.1, UserName=user-ssh, Times=16777216).
[R2]
The device is running!
##
<Huawei>
Oct 22 2018 14:26:20-08:00 Huawei %%01IFPDT/4/IF_STATE(l)[0]:Interface GigabitEt
hernet0/0/0 has turned into UP state.
<Huawei>sys    
<Huawei>system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sys    
[Huawei]sysname R1
[R1]int    
[R1]interface G    
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip    
[R1-GigabitEthernet0/0/0]ip add    
[R1-GigabitEthernet0/0/0]ip address 12.1.1.1 24
Oct 22 2018 14:26:59-08:00 R1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[R1-GigabitEthernet0/0/0]quit
[R1]disp    
[R1]display ip int    
[R1]display ip interface b    
[R1]display ip interface brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              12.1.1.1/24          up         up        
GigabitEthernet0/0/1              unassigned           down       down      
GigabitEthernet0/0/2              unassigned           down       down      
NULL0                             unassigned           up         up(s)     
[R1]

  Please check whether system data has been changed, and save data in time

  Configuration console time out, please press any key to log on

<R1>
<R1>ssh cli    
<R1>ssh cli
<R1>sys    
<R1>system-view 
Enter system view, return user view with Ctrl+Z.
[R1]ssh cli    
[R1]ssh client fir    
[R1]ssh client first-time en    
[R1]ssh client first-time enable 
[R1]stel    
[R1]stelnet 12.1.1.2
Please input the username:user-ssh
Trying 12.1.1.2 ...
Press CTRL+K to abort
Error: Failed to connect to the remote host.
[R1]ping 12.1.1.2
  PING 12.1.1.2: 56  data bytes, press CTRL_C to break
    Reply from 12.1.1.2: bytes=56 Sequence=1 ttl=255 time=60 ms
    Reply from 12.1.1.2: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 12.1.1.2: bytes=56 Sequence=3 ttl=255 time=20 ms
    Reply from 12.1.1.2: bytes=56 Sequence=4 ttl=255 time=20 ms
    Reply from 12.1.1.2: bytes=56 Sequence=5 ttl=255 time=30 ms

  --- 12.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/32/60 ms

[R1]stl    
[R1]st    
[R1]ste    
[R1]stelnet 12.1.1.2
Please input the username:user-ssh
Trying 12.1.1.2 ...
Press CTRL+K to abort
Connected to 12.1.1.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Oct 22 2018 14:45:14-08:00 R1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server ha
d not been authenticated in the process of exchanging keys. When deciding whethe
r to continue, the user chose Y. 
[R1]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 12.1.1.2. Please wait...

Oct 22 2018 14:45:20-08:00 R1 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding wheth
er to save the server's public key 12.1.1.2, the user chose Y. 
[R1]
Enter password:
<R2>
Original source: https://www.cnblogs.com/1218-mzc/p/9830123.html