Completing an SSH login lab with eNSP (device-to-device login). Let's learn!

I only recently started using the SSH login feature, so this is a brief study summary. Experts, please go easy on me!

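Approach:

  1. Connect the devices and start them.
  2. Configure the device names and interface IP addresses.
  3. Configure the SSH login parameters.
  4. Configure the username and password used for SSH.
  5. Test the result.

1. Connect the devices and start them.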

The two devices are interconnected through their G0/0/0 ports. Right-click each device to start it.

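2. Configure the device names and interface IP addresses.

Rename device AR1 to AR-1. On AR-1's physical port G0/0/0, configure the IP address 10.10.10.10/24.
Rename device AR2 to AR-2. On AR-2's physical port G0/0/0, configure the IP address 10.10.10.20/24.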

<Huawei>system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR-1
[AR-1]interface GigabitEthernet 0/0/0
[AR-1-GigabitEthernet0/0/0]ip add 10.10.10.10 24
Oct 29 2024 13:43:45-08:00 AR-1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol I
P on the interface GigabitEthernet0/0/0 has entered the UP state. 
[AR-1-GigabitEthernet0/0/0]quit
[AR-1]
<Huawei>system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR-2
[AR-2]interface GigabitEthernet 0/0/0
[AR-2-GigabitEthernet0/0/0]ip add 10.10.10.20 24
Oct 29 2024 13:44:03-08:00 AR-2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol I
P on the interface GigabitEthernet0/0/0 has entered the UP state. 
[AR-2-GigabitEthernet0/0/0]quit
[AR-2]

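3. Configure the SSH login parameters.

Enable the STelnet function on the devices.
A short aside:
STelnet and SSH are two different remote login protocols, and they differ significantly in security, data transfer method and other respects. STelnet is short for Secure Telnet; it uses the SSH protocol for data encryption and authentication, but in essence still uses the Telnet protocol for data transfer.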

[AR-1]stelnet server  enable 
Info: Succeeded in starting the STELNET server.
[AR-2]stelnet server  enable 
Info: Succeeded in starting the STELNET server.

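Generate a local RSA key pair on the SSH server. Because the two devices act as servers for each other, this command has to be entered on both devices.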

[AR-1]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
......++++++++++++
..++++++++++++
................++++++++
..++++++++
[AR-2]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
........++++++++++++
.................++++++++++++
..................++++++++
.++++++++

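Enable first-time authentication on the SSH client. With this enabled, the client can connect to a server whose public key it has not yet stored and offers to save that key, as the login prompts in step 5 show.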

[AR-1]ssh client first-time enable
[AR-2]ssh client first-time enable

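4. Configure the username and password used for SSH.

Enter the AAA view and create the username and password used for SSH login. Set the user's privilege level and the access type the user is allowed to use.

AR-1 username: admin123, password: huawei@123.
AR-2 username: admin321, password: huawei@321.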

[AR-1]aaa
[AR-1-aaa]local-user admin123 password cipher huawei@123 privilege level 15
Info: Add a new user.
[AR-1-aaa]local-user admin123 service-type ssh
[AR-1-aaa]quit
[AR-1]
[AR-2]aaa
[AR-2-aaa]local-user admin321 password cipher huawei@321 privilege level 15
Info: Add a new user.
[AR-2-aaa]local-user admin321 service-type ssh
[AR-2-aaa]quit
[AR-2]

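Configure the maximum number of login users and the authentication mode, changing authentication to AAA only, and allow login over the SSH protocol.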

[AR-1]user-interface vty 0 4
[AR-1-ui-vty0-4]authentication-mode aaa
[AR-1-ui-vty0-4]protocol inbound ssh
[AR-1-ui-vty0-4]quit
[AR-1]
[AR-2]user-interface vty 0 4
[AR-2-ui-vty0-4]authentication-mode aaa
[AR-2-ui-vty0-4]protocol inbound ssh
[AR-2-ui-vty0-4]quit
[AR-2]

Create an SSH user with the same name as the AAA local-user.

[AR-1]ssh user admin123 authentication-type password
[AR-2]ssh user admin321 authentication-type password

5. Test the result.

On AR-1, use SSH to log in remotely to AR-2.

[AR-1]stelnet 10.10.10.20
Please input the username:admin321
Trying 10.10.10.20 ...
Press CTRL+K to abort
Connected to 10.10.10.20 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Oct 29 2024 13:57:15-08:00 AR-1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server 
had not been authenticated in the process of exchanging keys. When deciding whet
her to continue, the user chose Y. 
[AR-1]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 10.10.10.20. Please wait...

Oct 29 2024 13:57:17-08:00 AR-1 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding whe
ther to save the server's public key 10.10.10.20, the user chose Y. 
[AR-1]
Enter password:
<AR-2>

On AR-2, use SSH to log in remotely to AR-1.

[AR-2]stelnet 10.10.10.10
Please input the username:admin123
Trying 10.10.10.10 ...
Press CTRL+K to abort
Connected to 10.10.10.10 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Oct 29 2024 13:50:18-08:00 AR-2 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[1]:The server 
had not been authenticated in the process of exchanging keys. When deciding whet
her to continue, the user chose Y. 
[AR-2]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 10.10.10.10. Please wait...

Oct 29 2024 13:50:21-08:00 AR-2 %%01SSH/4/SAVE_PUBLICKEY(l)[2]:When deciding whe
ther to save the server's public key 10.10.10.10, the user chose Y. 
[AR-2]
Enter password:
<AR-1>

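If a PC is connected downstream, the remote connection command on the PC is as follows:

ssh <username>@<reachable IP address of the target device>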

ssh admin123@10.10.10.10
ssh admin321@10.10.10.20

AR-1 configuration file:

<AR-1>dis current-configuration 
[V200R003C00]
#
 sysname AR-1
#
 rsa peer-public-key 10.10.10.20
  public-key-code begin
   3047
     0240
       DBFF2F36 1E0355AE E95E476A 40C6BFD6 2A7B6DBF EAC5E7B9 C76F88BD 911E97F1
       962C024A 32673C2B D9F90B31 0A051E7A 261725F2 98E714D4 BA1B106D A5141125
     0203
       010001
  public-key-code end
 peer-public-key end
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
 local-user admin123 password cipher %$%$.~lz86aZ,.LzI&A(N7E&~J|y%$%$
 local-user admin123 privilege level 15
 local-user admin123 service-type ssh
#
interface GigabitEthernet0/0/0
 ip address 10.10.10.10 255.255.255.0 
#
 ssh client 10.10.10.20 assign rsa-key 10.10.10.20
 ssh client first-time enable 
 stelnet server enable 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
user-interface vty 16 20
#
return

AR-2 configuration file:

[V200R003C00]
#
 sysname AR-2
#
 rsa peer-public-key 10.10.10.10
  public-key-code begin
   3047
     0240
       F8A76004 52782D3D 5909BB5B 4A3CB8B4 D5088486 3F83BEDC D1E87BE1 41C94D98
       643E4E0B 36543045 46C11E81 4F92FD7B CAC33DDD 7E963D28 C814B955 1E1AE6D1
     0203
       010001
  public-key-code end
 peer-public-key end
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
 local-user admin321 password cipher %$%$HKVIUGjiM6OE$P$k6/CT~YQz%$%$
 local-user admin321 privilege level 15
 local-user admin321 service-type ssh
#
interface GigabitEthernet0/0/0
 ip address 10.10.10.20 255.255.255.0 
#
 ssh client 10.10.10.10 assign rsa-key 10.10.10.10
 ssh client first-time enable 
 stelnet server enable 
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
user-interface vty 16 20
#
return
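
As an added example (not part of the original post), the Python code below audits a configuration dump like the two above: it decodes each saved `rsa peer-public-key` block to get the RSA modulus size and flags `ssh client first-time enable`. The function names and the 2048-bit threshold are assumptions of this example; the sample text is an excerpt of the AR-1 configuration shown above.

```python
import re

# Excerpt of the AR-1 configuration shown above (only the lines the audit reads).
AR1_CONFIG = """\
 rsa peer-public-key 10.10.10.20
  public-key-code begin
   3047
     0240
       DBFF2F36 1E0355AE E95E476A 40C6BFD6 2A7B6DBF EAC5E7B9 C76F88BD 911E97F1
       962C024A 32673C2B D9F90B31 0A051E7A 261725F2 98E714D4 BA1B106D A5141125
     0203
       010001
  public-key-code end
 peer-public-key end
 ssh client first-time enable
"""

def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length (values over 127 bytes)
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def peer_keys(config):
    """Map each 'rsa peer-public-key' name to (modulus_bits, public_exponent)."""
    keys = {}
    pattern = r"rsa peer-public-key (\S+)\s+public-key-code begin(.*?)public-key-code end"
    for name, body in re.findall(pattern, config, re.S):
        der = bytes.fromhex("".join(body.split()))
        tag, seq, _ = _read_tlv(der, 0)  # SEQUENCE { modulus, exponent }
        if tag != 0x30:
            raise ValueError(f"{name}: not a DER SEQUENCE")
        _, n, pos = _read_tlv(seq, 0)
        _, e, _ = _read_tlv(seq, pos)
        # The modulus in this dump has no leading 0x00 byte, so read it as unsigned.
        keys[name] = (int.from_bytes(n, "big").bit_length(), int.from_bytes(e, "big"))
    return keys

def audit(config, min_bits=2048):
    """List short peer keys and whether first-time authentication is enabled."""
    findings = [f"peer key {name}: {bits}-bit RSA modulus"
                for name, (bits, _) in peer_keys(config).items() if bits < min_bits]
    if re.search(r"^\s*ssh client first-time enable\s*$", config, re.M):
        findings.append("ssh client first-time enable is on")
    return findings
```

On the AR-1 excerpt this reports a 512-bit peer key, which matches the default accepted at the modulus prompt in step 3. Outside a lab, answer that prompt with 2048, the largest size it offers.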