标签:协议 R1 1.2 ender 案例 202.100 SSH user
1.在华为设备上配置SSH协议
1.1 按图配置端口的ip地址,并做连通性测试
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]ip address 202.100.1.1 255.255.255.252
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip address 202.100.1.2 255.255.255.252
[R1-GigabitEthernet0/0/0]ping 202.100.1.2
PING 202.100.1.2: 56 data bytes, press CTRL_C to break
Reply from 202.100.1.2: bytes=56 Sequence=1 ttl=255 time=110 ms
Reply from 202.100.1.2: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 202.100.1.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 202.100.1.2: bytes=56 Sequence=4 ttl=255 time=40 ms
Reply from 202.100.1.2: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 202.100.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/44/110 ms
1.2 在R1上完成SSH协议配置
[R1]aaa //进入AAA模式
[R1-aaa]local-user ender password cipher qytang //创建本地用户ender,密码为qytang
[R1-aaa]local-user ender privilege level 15 //该用户的级别为最高的15级
[R1-aaa]local-user ender service-type ssh //该用户用于SSH登录
[R1-aaa]quit //退出AAA模式
[R1]ssh user ender authentication-type password //SSH用户ender通过密码进行认证
Authentication type setted, and will be in effect next time
[R1]stelnet server enable //开启SSH服务,该服务默认处于关闭状态
Info: Succeeded in starting the STELNET server. //SSH服务已成功开启
[R1]rsa local-key-pair create //在设备上创建RSA的Key
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:768 //使用768位而非512位
Generating keys...
...++++++++
.....++++++++
......+++++++++
..................................................+++++++++
[R1]
[R1]user-interface vty 0 4 //进入VTY通道
[R1-ui-vty0-4]authentication-mode aaa //在VTY通道的认证模式中选择AAA模式
[R1-ui-vty0-4]protocol inbound ssh //VTY允许SSH登录
[R1-ui-vty0-4]
1.3 完成SSH登录测试
[R2]ssh client first-time enable //第一次登陆时使用
[R2]stelnet 202.100.1.1
Please input the username:ender
Trying 202.100.1.1 ...
Press CTRL+K to abort
Connected to 202.100.1.1 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Oct 18 2023 20:00:15-08:00 R2 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[1]:The server ha
d not been authenticated in the process of exchanging keys. When deciding whethe
r to continue, the user chose Y.
[R2]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 202.100.1.1. Please wait...
Oct 18 2023 20:00:19-08:00 R2 %%01SSH/4/SAVE_PUBLICKEY(l)[2]:When deciding wheth
er to save the server's public key 202.100.1.1, the user chose Y.
[R2]
Enter password:
<R1>display users
User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag
0 CON 0 00:02:21 pass
Username : Unspecified
+ 129 VTY 0 00:00:00 SSH 202.100.1.2 pass
Username : ender
<R1>
2.在华三设备上配置SSH协议
2.1 配置端口并作连通性测试
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/1]ip address 10.1.11.1 29
[SW1]interface GigabitEthernet 1/0/1
[SW1-GigabitEthernet1/0/1]port link-mode route
[SW1-GigabitEthernet1/0/1]ip address 10.1.11.2 29
[SW1-GigabitEthernet1/0/1]ping 10.1.11.1
Ping 10.1.11.1 (10.1.11.1): 56 data bytes, press CTRL+C to break
56 bytes from 10.1.11.1: icmp_seq=0 ttl=255 time=3.000 ms
56 bytes from 10.1.11.1: icmp_seq=1 ttl=255 time=2.000 ms
2.2 在R1上配置SSH协议
[R1]ssh server enable
[R1]local-user ender
New local user added.
[R1-luser-manage-ender]password simple qytang123456
[R1-luser-manage-ender]service-type ssh
[R1-luser-manage-ender]quit
[R1]user-interface vty 0 4
[R1-line-vty0-4]authentication-mode scheme
[R1-line-vty0-4]protocol inbound ssh
[R1-line-vty0-4]user-role level-15
2.3 在SW1上完成SSH登录测试
<SW1>ssh 10.1.11.1
Username: ender
Press CTRL+C to abort.
Connecting to 10.1.11.1 port 22.
The server is not authenticated. Continue? [Y/N]:y
Do you want to save the server public key? [Y/N]:y
ender@10.1.11.1's password:
Enter a character ~ and a dot to abort.
******************************************************************************
* Copyright (c) 2004-2022 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<R1>system-view
System View: return to User View with Ctrl+Z.
[R1]
标签:协议,
R1,
1.2,
ender,
案例,
202.100,
SSH,
user
From: https://www.cnblogs.com/xl4ng/p/17770973.html