Key points for configuring SSH on Huawei devices

*Red Book: key points of configuring the SSH protocol on Huawei devices*

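Configuring a router for management over SSH

1. Create an SSH account on the server and enable the SSH protocol.

2. Manually generate the key pair (768 bits or more recommended).

3. Allow SSH as a login method under the VTY user interface.

R1 configuration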

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysn	
[Huawei]sysname r1
[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]ip address 202.100.1.1 255.255.255.252
Dec 11 2024 18:56:14-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r1-GigabitEthernet0/0/0]q
[r1]ping 202.100.1.2
  PING 202.100.1.2: 56  data bytes, press CTRL_C to break
    Reply from 202.100.1.2: bytes=56 Sequence=1 ttl=255 time=80 ms
    Reply from 202.100.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 202.100.1.2: bytes=56 Sequence=3 ttl=255 time=30 ms
    Reply from 202.100.1.2: bytes=56 Sequence=4 ttl=255 time=20 ms
    Reply from 202.100.1.2: bytes=56 Sequence=5 ttl=255 time=20 ms

  --- 202.100.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/34/80 ms

[r1]aaa
// Enter the AAA view
[r1-aaa]local-user ender password cipher qytang
Info: Add a new user.
// Create the local user ender with the password qytang
[r1-aaa]local-user ender privilege level 15
// Set the user's privilege level to 15, the highest
[r1-aaa]local-user ender service-type ssh
// This user is used for SSH login
[r1-aaa]q	
[r1]ssh user ender authentication-type password
 // The SSH user ender authenticates with a password
 Authentication type setted, and will be in effect next time
[r1]stelnet server enable
// Enable SSH
Info: Succeeded in starting the STELNET server.	
[r1]rsa local-key-pair create 
// Generate the RSA key pair
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:768
Generating keys...
....++++++++
.............++++++++
....................+++++++++
.....................................................................+++++++++



[r1]user-interface vty 0 4
// Enter the VTY user interface
[r1-ui-vty0-4]au	
[r1-ui-vty0-4]authentication-mode aaa
// Select AAA authentication
[r1-ui-vty0-4]p	
[r1-ui-vty0-4]pro	
[r1-ui-vty0-4]protocol inb	
[r1-ui-vty0-4]protocol inbound ssh
// Allow SSH login on the VTY lines
[r1-ui-vty0-4]
Dec 11 2024 19:02:14-08:00 r1 %%01SSH/4/SSH_FAIL(l)[1]:Failed to log in through 
SSH. (Ip=202.100.1.2, UserName=ender, Times=16777216).

[r1-ui-vty0-4]q
[r1]save
    ^
Error: Unrecognized command found at '^' position.
[r1]q
<r1>save

r2

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysn	
[Huawei]sysname r2
[r2]in	
[r2]inte	
[r2]interface g0/0/0
[r2-GigabitEthernet0/0/0]ip address 202.100.1.2 255.255.255.252
[r2]stelnet 202.100.1.1
Please input the username:ender
Trying 202.100.1.1 ...
Press CTRL+K to abort
Connected to 202.100.1.1 ...
Error: Failed to verify the server's public key.
Please run the command "ssh client first-time enable"to enable the first-time ac
cess function and try again.
[r2]
[r2]ssh client first-time enable
// Enable the SSH client's first-time login prompt
[r2]stelnet 202.100.1.1
Please input the username:ender
Trying 202.100.1.1 ...
Press CTRL+K to abort
Connected to 202.100.1.1 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Dec 11 2024 19:01:54-08:00 r2 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[1]:The server ha
d not been authenticated in the process of exchanging keys. When deciding whethe
r to continue, the user chose Y. 
[r2]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 202.100.1.1. Please wait...

Dec 11 2024 19:02:10-08:00 r2 %%01SSH/4/SAVE_PUBLICKEY(l)[2]:When deciding wheth
er to save the server's public key 202.100.1.1, the user chose Y. 
[r2]
Enter password:
Enter password:
<r1>display user
            ^
Error:Ambiguous command found at '^' position.
<r1>
<r1>display use	
<r1>display users
  User-Intf    Delay    Type   Network Address     AuthenStatus    AuthorcmdFlag
  0   CON 0   00:02:06                                   pass                   
  Username : Unspecified

+ 130 VTY 1   00:00:00  SSH    202.100.1.2               pass                   
  Username : ender               
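
An added example, not part of the original post: a small Python check that reads a pasted session like the ones above, reports which of the three checklist steps are missing, and flags settings worth a second look. The function name `audit`, the 2048-bit floor and the sample string are assumptions made for this example; the sample is constructed from commands shown on this page.

```python
import re

# Constructed sample: prompts and commands copied from the r1 and r2 sessions on this page.
SAMPLE = """\
[r1-aaa]local-user ender password cipher qytang
[r1-aaa]local-user ender service-type ssh
[r1]ssh user ender authentication-type password
[r1]stelnet server enable
[r1]rsa local-key-pair create
Input the bits in the modulus[default = 512]:768
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa
[r1-ui-vty0-4]protocol inbound ssh
[r2]ssh client first-time enable
"""

# Assumed policy floor (not from the post); 2048 is the top of the range the prompt offers.
MIN_RSA_BITS = 2048
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)")  # strips "[r1-aaa]" or "<r1>"

# Steps 1 and 3 of the checklist: each pattern must match one typed command.
REQUIRED = {
    "SSH local user": r"^local-user \S+ service-type\b.*\bssh\b",
    "STelnet server": r"^stelnet server enable$",
    "VTY AAA authentication": r"^authentication-mode aaa$",
    "VTY SSH inbound": r"^protocol inbound ssh$",
}

def audit(session):
    """Return (missing_steps, warnings) for a pasted CLI session."""
    cmds = [PROMPT.sub("", line).strip() for line in session.splitlines()]
    missing = [name for name, pat in REQUIRED.items()
               if not any(re.search(pat, c) for c in cmds)]
    warnings = []
    for c in cmds:
        # Step 2: the key-size prompt; an empty answer accepts the default.
        m = re.search(r"modulus\[default = (\d+)\]:\s*(\d*)", c)
        if m:
            bits = int(m.group(2) or m.group(1))
            if bits < MIN_RSA_BITS:
                warnings.append(f"RSA host key is {bits} bits (< {MIN_RSA_BITS})")
        if re.match(r"local-user \S+ password cipher \S+", c):
            warnings.append("password appears in clear text in the captured session")
        if c == "ssh client first-time enable":
            warnings.append("client accepts an unverified server key on first connect")
    return missing, warnings
```

Half-typed tab-completion lines such as `[r1-ui-vty0-4]au` and the device's log lines do not match any pattern, so a raw capture can be pasted in unchanged.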
