Telnet的三种登录方式
作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
一.华为创建telnet的三种验证方式
首先,我们可以简单的看一个拓扑图,让我们可以在亦庄的路由器上对双桥的路由器进行操作。
1.无验证登录(none方式)
给需要远程的路由器配置一个互联的IP地址即可:
1 “亦庄机房”配置如下: 2 [Huawei]interface Ethernet 0/0/1 3 [Huawei-Ethernet0/0/1]ip address 172.30.1.1 24 4 [Huawei-Ethernet0/0/1]undo shutdown 5 [Huawei-Ethernet0/0/1]quit
6 [huawei]sysname yizhuang
在需要远程的路由器上需要开启Telnet服务:
“双桥机房”配置如下: [Huawei]interface Ethernet 0/0/1 [Huawei-Ethernet0/0/1]ip address 172.30.1.2 24 [Huawei-Ethernet0/0/1]undo shutdown [Huawei-Ethernet0/0/1]quit [Huawei]telnet server enable #开启telnet功能 [Huawei]user-interface vty 0 4 [Huawei-ui-vty0-4]authentication-mode none #设置认证模式 [Huawei-ui-vty0-4]user privilege level 3 #指定登录账号的级别 10[huawei]sysname shuangqiao
测试:
1 [yizhuang]interface Ethernet 0/0/1 2 [yizhuang-Ethernet0/0/1]display this #查看当前接口信息 3 # 4 interface Ethernet0/0/1 5 ip address 172.30.1.1 255.255.255.0 6 # 7 return 8 [yizhuang-Ethernet0/0/1]ping 172.30.1.2 #检查是否能和互联地址ping通 9 PING 172.30.1.2: 56 data bytes, press CTRL_C to break 10 Reply from 172.30.1.2: bytes=56 Sequence=1 ttl=255 time=40 ms 11 Reply from 172.30.1.2: bytes=56 Sequence=2 ttl=255 time=30 ms 12 Reply from 172.30.1.2: bytes=56 Sequence=3 ttl=255 time=50 ms 13 Reply from 172.30.1.2: bytes=56 Sequence=4 ttl=255 time=50 ms 14 Reply from 172.30.1.2: bytes=56 Sequence=5 ttl=255 time=20 ms 15 16 --- 172.30.1.2 ping statistics --- 17 5 packet(s) transmitted 18 5 packet(s) received 19 0.00% packet loss 20 round-trip min/avg/max = 20/38/50 ms 21 22 [yizhuang-Ethernet0/0/1]quit 23 [yizhuang]quit 24 <yizhuang>telnet 172.30.1.2 #远程双桥地址 25 Trying 172.30.1.2 ... 26 Press CTRL+K to abort 27 Connected to 172.30.1.2 ... 28 29 Info: The max number of VTY users is 10, and the number 30 of current VTY users on line is 1. 31 The current login time is 2017-04-18 18:15:39. 32 <shuangqiao> #登录成功,显示的双桥的主机名 33 <shuangqiao> 34 <shuangqiao>
很显然:上面不用输入任何信息就能登录,没有安全性可言,谁都能远程你的设备,所以,这种配置我们一般不采取,除非我们在做实验的时候会用,好吧~anyway,忘记它吧。
2.基于用户名验证(password登录方式)
清华园路由器配置:
1 “清华园机房”配置如下: 2 <Huawei>system-view 3 [Huawei]interface Ethernet 0/0/1 4 [Huawei-Ethernet0/0/1]ip address 172.30.1.1 24 5 [Huawei-Ethernet0/0/1]undo shutdown 6 [Huawei]sysname qinghuayuan
廊坊路由器配置:
1 “廊坊机房”配置如下: 2 <Huawei>system-view 3 [Huawei]sysname langfang 4 [langfang]interface Ethernet 0/0/1 5 [langfang-Ethernet0/0/1] ip address 172.30.1.2 24 6 [langfang-Ethernet0/0/1]undo shutdown 7 [langfang-Ethernet0/0/1]quit 8 [langfang]telnet server enable 9 [langfang]user-interface vty 0 4 10 [langfang-ui-vty0-4]authentication-mode password #认真的模式 11 [langfang-ui-vty0-4]set authentication password simple 12 13 yinzhengjie #设置明文密码是“yinzhengjie”
测试结果如下:
1 [qinghuayuan-Ethernet0/0/1]display this 2 # 3 interface Ethernet0/0/1 4 ip address 172.30.1.1 255.255.255.0 5 # 6 return 7 [qinghuayuan-Ethernet0/0/1]ping 172.30.1.2 8 PING 172.30.1.2: 56 data bytes, press CTRL_C to break 9 Reply from 172.30.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms 10 Reply from 172.30.1.2: bytes=56 Sequence=2 ttl=255 time=50 ms 11 Reply from 172.30.1.2: bytes=56 Sequence=3 ttl=255 time=50 ms 12 Reply from 172.30.1.2: bytes=56 Sequence=4 ttl=255 time=60 ms 13 Reply from 172.30.1.2: bytes=56 Sequence=5 ttl=255 time=30 ms 14 15 --- 172.30.1.2 ping statistics --- 16 5 packet(s) transmitted 17 5 packet(s) received 18 0.00% packet loss 19 round-trip min/avg/max = 30/48/60 ms 20 21 [qinghuayuan-Ethernet0/0/1] 22 <qinghuayuan>telnet 172.30.1.2 23 Trying 172.30.1.2 ... 24 Press CTRL+K to abort 25 Connected to 172.30.1.2 ... 26 27 28 Login authentication 29 30 31 Password: #在此处输入密码 32 Info: The max number of VTY users is 10, and the number 33 of current VTY users on line is 1. 34 The current login time is 2017-04-18 18:28:18. 35 <langfang> #密码输出正确登录成功 36 <langfang>
3.基于用户名和密码验证
兆维机房配置如下:
1 “兆维机房”配置如下: 2 <Huawei>system-view 3 [Huawei]sysname zhaowei 4 [zhaowei]interface Ethernet 0/0/1 5 [zhaowei-Ethernet0/0/1]ip address 172.30.1.1 24 6 [zhaowei-Ethernet0/0/1]undo shutdown 7 [zhaowei-Ethernet0/0/1]display this 8 # 9 interface Ethernet0/0/1 10 ip address 172.30.1.1 255.255.255.0 11 # 12 return 13 [zhaowei-Ethernet0/0/1] 14 [zhaowei-Ethernet0/0/1]quit
鲁谷机房配置如下:
1 “鲁谷机房”配置如下: 2 <Huawei>system-view 3 [Huawei]sysname lugu 4 [lugu]interface Ethernet 0/0/1 5 [lugu-Ethernet0/0/1]ip address 172.30.1.2 24 6 [lugu-Ethernet0/0/1]display this 7 # 8 interface Ethernet0/0/1 9 ip address 172.30.1.2 255.255.255.0 10 # 11 return 12 [lugu-Ethernet0/0/1] 13 [lugu-Ethernet0/0/1]undo shutdown 14 [lugu-Ethernet0/0/1]quit 15 [lugu]user-interface vty 0 4 16 [lugu-ui-vty0-4]authentication-mode aaa 17 [lugu-ui-vty0-4]user privilege level 3 18 [lugu-ui-vty0-4]quit 19 [lugu]aaa #进入aaa配置模式,这是华为的一个特色,哈哈 20 [lugu-aaa]local-user yinzhengjie password cipher 123 #创建一 21 22 个用户是尹正杰,密码是用密文加密的是"123" 23 [lugu-aaa]local-user yinzhengjie service-type telnet #只给 24 25 yinzhengjie 这个用户telnet的权限 26 [lugu-aaa]quit 27 [lugu]super password simple yinzhengjie #设置用户模式进入系统 28 29 配置模式的密码为yinzhengjie,加密格式是明文的哟,可以用dis cu 30 31 来查看到这个密码,建议设置成密文。根据你的重要性了
测试:
1 测试: 2 3 [zhaowei-Ethernet0/0/1]display this 4 # 5 interface Ethernet0/0/1 6 ip address 172.30.1.1 255.255.255.0 7 # 8 return 9 [zhaowei-Ethernet0/0/1]ping 172.30.1.2 10 PING 172.30.1.2: 56 data bytes, press CTRL_C to break 11 Reply from 172.30.1.2: bytes=56 Sequence=1 ttl=255 time=60 ms 12 Reply from 172.30.1.2: bytes=56 Sequence=2 ttl=255 time=40 ms 13 Reply from 172.30.1.2: bytes=56 Sequence=3 ttl=255 time=30 ms 14 Reply from 172.30.1.2: bytes=56 Sequence=4 ttl=255 time=50 ms 15 Reply from 172.30.1.2: bytes=56 Sequence=5 ttl=255 time=40 ms 16 17 --- 172.30.1.2 ping statistics --- 18 5 packet(s) transmitted 19 5 packet(s) received 20 0.00% packet loss 21 round-trip min/avg/max = 30/44/60 ms 22 23 [zhaowei-Ethernet0/0/1] 24 <zhaowei>telnet 172.30.1.2 25 Trying 172.30.1.2 ... 26 Press CTRL+K to abort 27 Connected to 172.30.1.2 ... 28 29 30 Login authentication 31 32 33 Username:yinzhengjie 34 Password: 35 Info: The max number of VTY users is 10, and the number 36 of current VTY users on line is 1. 37 The current login time is 2017-04-18 18:56:35. 38 <lugu>
二.华为配置远程的主要命令说明
1 [yinzhengjie]aaa 2 [yinzhengjie-aaa]local-user yinzhengjie password cipher 123 3 [yinzhengjie-aaa]local-user yinzhengjie privilege level 15 4 [yinzhengjie-aaa]local-user yinzhengjie service-type telnet 5 [yinzhengjie-aaa]quit 6 [yinzhengjie]user-interface vty 0 4 7 [yinzhengjie-ui-vty0-4]authentication-mode aaa 8 [yinzhengjie-ui-vty0-4]user privilege level 15 9 [yinzhengjie-ui-vty0-4]protocol inbound telnet 10 [yinzhengjie-ui-vty0-4]quit 11 [yinzhengjie]telnet server enable
三.H3C配置远程管理的案例展示
网络拓扑图实验:
1.不需要验证(none,该方式不推荐使用,一般都是你在实验的时候可以这样配置,现实中切记不要使用哟!)
1 1>.R1路由器配置如下 2 [R1]interface GigabitEthernet 0/0 3 [R1-GigabitEthernet0/0]ip address 172.30.1.1 24 4 [R1-GigabitEthernet0/0]undo shutdown 5 [R1-GigabitEthernet0/0]quit 6 [R1]telnet server enable ------开启Telnet服务 7 [R1]user-interface vty 0 4 8 [R1-line-vty0-4]authentication-mode none 9 [R1-line-vty0-4]user-role level-15 ------->指定登录账号的级别 10 [R1-line-vty0-4] 11 12 2>.R2路由器配置如下 13 [R2]interface GigabitEthernet 0/0 14 [R2-GigabitEthernet0/0]ip address 172.30.1.2 24 15 [R2-GigabitEthernet0/0]undo shutdown 16 [R2-GigabitEthernet0/0]ping 172.30.1.1 17 Ping 172.30.1.1 (172.30.1.1): 56 data bytes, press CTRL_C to break 18 56 bytes from 172.30.1.1: icmp_seq=0 ttl=255 time=1.067 ms 19 56 bytes from 172.30.1.1: icmp_seq=1 ttl=255 time=0.590 ms 20 56 bytes from 172.30.1.1: icmp_seq=2 ttl=255 time=0.640 ms 21 56 bytes from 172.30.1.1: icmp_seq=3 ttl=255 time=0.605 ms 22 56 bytes from 172.30.1.1: icmp_seq=4 ttl=255 time=0.578 ms 23 24 --- Ping statistics for 172.30.1.1 --- 25 5 packets transmitted, 5 packets received, 0.0% packet loss 26 round-trip min/avg/max/std-dev = 0.578/0.696/1.067/0.187 ms 27 [R2-GigabitEthernet0/0]%Feb 23 02:22:13:211 2018 R2 PING/6/PING_STATISTICS: Ping statistics for 172.30.1.1: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.578/0.696/1.067/0.187 ms. 28 29 [R2-GigabitEthernet0/0]quit 30 [R2]quit 31 <R2>telnet 172.30.1.1 ------->这里我们就开始Telnet设备R1,只要2个设备连通就可以远程上去了 32 Trying 172.30.1.1 ... 33 Press CTRL+K to abort 34 Connected to 172.30.1.1 ... 35 36 ****************************************************************************** 37 * Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved. * 38 * Without the owner's prior written consent, * 39 * no decompiling or reverse-engineering shall be allowed. * 40 ****************************************************************************** 41 42 <R1>
2.只需要密码验证(password)
1 1.R1路由器配置如下: 2 [R1]interface GigabitEthernet 0/0 3 [R1-GigabitEthernet0/0]ip address 172.30.1.1 24 4 [R1-GigabitEthernet0/0]undo shutdown 5 [R1-GigabitEthernet0/0]quit 6 [R1]telnet server enable 7 [R1]user-interface vty 0 4 8 [R1-line-vty0-4]authentication-mode password ----->开启认证模式为password模式 9 [R1-line-vty0-4]set authentication password simple 123 ------>设置认证密码为123(明文哟) 10 [R1-line-vty0-4]user-role level-15 ------->设置账户的等级为15级 11 [R1-line-vty0-4] 12 13 2>.R2路由器配置如下 14 [R2]interface GigabitEthernet 0/0 15 [R2-GigabitEthernet0/0]IP address 172.30.1.2 24 16 [R2-GigabitEthernet0/0]undo shutdown 17 [R2-GigabitEthernet0/0]quit 18 [R2]quit 19 <R2>telnet 172.30.1.1 ------->开始远程R1路由器 20 Trying 172.30.1.1 ... 21 Press CTRL+K to abort 22 Connected to 172.30.1.1 ... 23 24 ****************************************************************************** 25 * Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved. * 26 * Without the owner's prior written consent, * 27 * no decompiling or reverse-engineering shall be allowed. * 28 ****************************************************************************** 29 30 Password: ------->我们需要设置R1设置的密码, 即“123” 31 <R1> 32 <R1> 33 <R1>
3.需要用户名和密码验证(scheme方式)
1 1>.R1路由器配置如下: 2 [R1]interface GigabitEthernet 0/0 3 [R1-GigabitEthernet0/0]IP address 172.30.1.1 24 4 [R1-GigabitEthernet0/0]undo shutdown 5 [R1-GigabitEthernet0/0]quit 6 [R1]telnet server enable 7 [R1]user-interface vty 0 4 8 [R1-line-vty0-4]authentication-mode scheme ------>开启用户名密码登录方式 9 [R1-line-vty0-4]user-role level-15 10 [R1-line-vty0-4]quit 11 [R1]local-user yinzhengjie 12 New local user added. 13 [R1-luser-manage-yinzhengjie]password simple 123 ------>设置明文密码为"123" 14 [R1-luser-manage-yinzhengjie]service-type telnet ----->设置服务类型及优先级 15 [R1-luser-manage-yinzhengjie]quit 16 [R1]super password simple 666 ------>这里我们设置了普通视图进入系统视图的密码,个别用户是需要输入这个密码才可以登录进来的哟! 17 18 19 20 2>.R2路由器配置如下: 21 [R2]interface GigabitEthernet 0/0 22 [R2-GigabitEthernet0/0]ip address 172.30.1.2 24 23 [R2-GigabitEthernet0/0]undo shutdown 24 [R2-GigabitEthernet0/0]quit 25 [R2]quit 26 <R2>telnet 172.30.1.1 27 Trying 172.30.1.1 ... 28 Press CTRL+K to abort 29 Connected to 172.30.1.1 ... 30 31 ****************************************************************************** 32 * Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved. * 33 * Without the owner's prior written consent, * 34 * no decompiling or reverse-engineering shall be allowed. * 35 ****************************************************************************** 36 37 login: yinzhengjie ----->这里我们输入在R1上配置的用户名“yinzhengjie” 38 Password: ------>这里我们输入用户名“yinzhengjie”对应的密码“123” 39 <R1> 40 <R1> 41