华为SSH实验
实验拓扑:
实验要求:从SSH客户端AR1采用stelnet方式登录到SSH 服务器端。
实验步骤:
1.完成基本配置(略)
sys
Enter system view, return user view with Ctrl+Z.
AR1\]sys CLIENT \[CLIENT\]INT g0/0/0 \[CLIENT-GigabitEthernet0/0/0\]ip add 10.1.1.2 24 sys Enter system view, return user view with Ctrl+Z. \[AR4\]sys SERVER \[SERVER\]INT g0/0/0 \[SERVER-GigabitEthernet0/0/0\]ip add 10.1.1.2 24 2.在server端配置安全密钥对 \[SERVER\]rsa local-key-pair create The key name will be: Host % RSA keys defined for Host already exist. Confirm to replace them? (y/n)\[n\]:y The range of public key size is (512 \~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Input the bits in the modulus\[default = 512\]:512 Generating keys... ...++++++++++++ ...++++++++++++ ...++++++++ ...++++++++ \[SERVER
SERVER\]dis rsa local-key-pair public 在服务器端查看刚刚配置的公钥 3.在服务器端创建VTY服务 \[SERVER\]user-interface vty 0 4 启用VTY服务 \[SERVER-ui-vty0-4\]authentication-mode aaa 认证模式采用AAA \[SERVER-ui-vty0-4\]protocol inbound ssh 定义流量(从外面进来的流量是ssh) \[SERVER-ui-vty0-4\]q 4.在服务端配置AAA服务 \[SERVER\]aaa 启用AAA服务 \[SERVER-aaa\]local-user zyh password cipher huawei 配置本地用户zyh密码是huawei \[SERVER-aaa\]local-user zyh service-type ssh 用户zyh服务类型是ssh \[SERVER-aaa\]local-user zyh privilege level 3 用户zyh的运行级别是三级 \[SERVER-aaa\]q 5.在服务端配置SSH用户的访问认证方式并启用stelnet服务 \[SERVER\]ssh user zyh authentication-type password Authentication type setted, and will be in effect next time \[SERVER\]stelnet server enable 系统默认该服务是关闭的所以使用时候需要开启 6.配置客户端 sys \[CLIENT\]ssh client first-time enable 把客户端首次使用SSH开启 7.进行测试 \[CLIENT\]stelnet 10.1.1.2 Please input the username:zyh Trying 10.1.1.2 ... Press CTRL+K to abort Connected to 10.1.1.2 ... The server is not authenticated. Continue to access it? (y/n)\[n\]:y Save the server's public key? (y/n)\[n\]:y The server's public key will be saved with the name 10.1.1.2. Please wait... Enter password: 采用SSH服务安全登录到远程服务端设备,实验成功。 小结:采用stelnet登录目标设备的配置虽有有点繁琐,但安全性却有了极大的提升,特别是密钥对的强度选择和SSH协议的配合使用,安全有了很大的保证。