I only recently needed SSH login, so here is a short study summary. Experts, please go easy on me!!!
An SSH login lab done in eNSP (the two devices log in to each other). Let's learn it!!
Overall approach:
- Cable the devices and start them.
- Configure the device names and interface IP addresses.
- Configure the SSH login parameters.
- Configure the username and password used for SSH.
- Test the result.
1. Cable the devices and start them.
The two devices are connected through their G0/0/0 ports; right-click each device to start it.
2. Configure the device names and interface IP addresses.
Rename device AR1 to AR-1 and give its physical port G0/0/0 the IP address 10.10.10.10/24.
Rename device AR2 to AR-2 and give its physical port G0/0/0 the IP address 10.10.10.20/24.
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR-1
[AR-1]interface GigabitEthernet 0/0/0
[AR-1-GigabitEthernet0/0/0]ip add 10.10.10.10 24
Oct 29 2024 13:43:45-08:00 AR-1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[AR-1-GigabitEthernet0/0/0]quit
[AR-1]
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR-2
[AR-2]interface GigabitEthernet 0/0/0
[AR-2-GigabitEthernet0/0/0]ip add 10.10.10.20 24
Oct 29 2024 13:44:03-08:00 AR-2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[AR-2-GigabitEthernet0/0/0]quit
[AR-2]
3. Configure the SSH login parameters.
Enable the STelnet function on each device.
A quick bit of background:
STelnet and SSH are two different remote login protocols; they differ significantly in security and in the way data is transmitted. STelnet is short for Secure Telnet: it uses the SSH protocol for data encryption and authentication, but essentially still uses the Telnet protocol for data transmission.
[AR-1]stelnet server enable
Info: Succeeded in starting the STELNET server.
[AR-2]stelnet server enable
Info: Succeeded in starting the STELNET server.
Generate a local RSA key pair on the SSH server. Because the two devices act as servers for each other, this command has to be entered on both of them.
[AR-1]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
......++++++++++++
..++++++++++++
................++++++++
..++++++++
[AR-2]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
........++++++++++++
.................++++++++++++
..................++++++++
.++++++++
Enable first-time authentication on the SSH client.
[AR-1]ssh client first-time enable
[AR-2]ssh client first-time enable
4. Configure the username and password used for SSH.
Enter the AAA view and create the username and password used for SSH login. Set the corresponding user privilege level and specify the user's access (service) type.
Username on AR-1: admin123, password: huawei@123.
Username on AR-2: admin321, password: huawei@321.
[AR-1]aaa
[AR-1-aaa]local-user admin123 password cipher huawei@123 privilege level 15
Info: Add a new user.
[AR-1-aaa]local-user admin123 service-type ssh
[AR-1-aaa]quit
[AR-1]
[AR-2]aaa
[AR-2-aaa]local-user admin321 password cipher huawei@321 privilege level 15
Info: Add a new user.
[AR-2-aaa]local-user admin321 service-type ssh
[AR-2-aaa]quit
[AR-2]
Configure the VTY user interfaces (maximum number of login users) and their authentication: change authentication to AAA only, and allow login over the SSH protocol.
[AR-1]user-interface vty 0 4
[AR-1-ui-vty0-4]authentication-mode aaa
[AR-1-ui-vty0-4]protocol inbound ssh
[AR-1-ui-vty0-4]quit
[AR-1]
[AR-2]user-interface vty 0 4
[AR-2-ui-vty0-4]authentication-mode aaa
[AR-2-ui-vty0-4]protocol inbound ssh
[AR-2-ui-vty0-4]quit
[AR-2]
Create an SSH user with the same name as the AAA local-user.
[AR-1]ssh user admin123 authentication-type password
[AR-2]ssh user admin321 authentication-type password
5. Test the result.
On AR-1, use SSH to log in remotely to AR-2.
[AR-1]stelnet 10.10.10.20
Please input the username:admin321
Trying 10.10.10.20 ...
Press CTRL+K to abort
Connected to 10.10.10.20 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Oct 29 2024 13:57:15-08:00 AR-1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server had not been authenticated in the process of exchanging keys. When deciding whether to continue, the user chose Y.
[AR-1]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 10.10.10.20. Please wait...
Oct 29 2024 13:57:17-08:00 AR-1 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding whether to save the server's public key 10.10.10.20, the user chose Y.
[AR-1]
Enter password:
<AR-2>
On AR-2, use SSH to log in remotely to AR-1.
[AR-2]stelnet 10.10.10.10
Please input the username:admin123
Trying 10.10.10.10 ...
Press CTRL+K to abort
Connected to 10.10.10.10 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Oct 29 2024 13:50:18-08:00 AR-2 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[1]:The server had not been authenticated in the process of exchanging keys. When deciding whether to continue, the user chose Y.
[AR-2]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 10.10.10.10. Please wait...
Oct 29 2024 13:50:21-08:00 AR-2 %%01SSH/4/SAVE_PUBLICKEY(l)[2]:When deciding whether to save the server's public key 10.10.10.10, the user chose Y.
[AR-2]
Enter password:
<AR-1>
If a PC is connected downstream, the remote login command on the PC is:
ssh <username>@<IP address of the target device that the PC can reach>
ssh admin123@10.10.10.10
ssh admin321@10.10.10.20
AR-1 configuration file:
<AR-1>dis current-configuration
[V200R003C00]
#
sysname AR-1
#
rsa peer-public-key 10.10.10.20
public-key-code begin
3047
0240
DBFF2F36 1E0355AE E95E476A 40C6BFD6 2A7B6DBF EAC5E7B9 C76F88BD 911E97F1
962C024A 32673C2B D9F90B31 0A051E7A 261725F2 98E714D4 BA1B106D A5141125
0203
010001
public-key-code end
peer-public-key end
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user admin123 password cipher %$%$.~lz86aZ,.LzI&A(N7E&~J|y%$%$
local-user admin123 privilege level 15
local-user admin123 service-type ssh
#
interface GigabitEthernet0/0/0
ip address 10.10.10.10 255.255.255.0
#
ssh client 10.10.10.20 assign rsa-key 10.10.10.20
ssh client first-time enable
stelnet server enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user-interface vty 16 20
#
return
AR-2 configuration file:
[V200R003C00]
#
sysname AR-2
#
rsa peer-public-key 10.10.10.10
public-key-code begin
3047
0240
F8A76004 52782D3D 5909BB5B 4A3CB8B4 D5088486 3F83BEDC D1E87BE1 41C94D98
643E4E0B 36543045 46C11E81 4F92FD7B CAC33DDD 7E963D28 C814B955 1E1AE6D1
0203
010001
public-key-code end
peer-public-key end
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user admin321 password cipher %$%$HKVIUGjiM6OE$P$k6/CT~YQz%$%$
local-user admin321 privilege level 15
local-user admin321 service-type ssh
#
interface GigabitEthernet0/0/0
ip address 10.10.10.20 255.255.255.0
#
ssh client 10.10.10.10 assign rsa-key 10.10.10.10
ssh client first-time enable
stelnet server enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user-interface vty 16 20
#
return
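In step 5 the prompt "The server is not authenticated. Continue to access it?" was answered with y, and the peer key the router then saved is the public-key-code block shown in the configuration dumps. The following is an added example, not code from the original post: it decodes AR-2's saved block (the bytes are copied from the AR-1 dump above) and computes the SHA256 fingerprint that an OpenSSH client on a downstream PC prints for AR-2, so the key can be compared out of band before answering y instead of being trusted blindly. It assumes only the Python standard library.

```python
import base64
import hashlib
import struct

# AR-2's host key exactly as AR-1 saved it under "rsa peer-public-key 10.10.10.20"
# (copied from the AR-1 configuration dump above; 512-bit RSA, the VRP default).
PEER_KEY_HEX = """
3047
0240
DBFF2F36 1E0355AE E95E476A 40C6BFD6 2A7B6DBF EAC5E7B9 C76F88BD 911E97F1
962C024A 32673C2B D9F90B31 0A051E7A 261725F2 98E714D4 BA1B106D A5141125
0203
010001
"""

def tlv_header(data, pos, tag):
    """Return (content_offset, content_length) of the ASN.1 TLV starting at pos."""
    if data[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length = data[pos + 1]
    if length < 0x80:  # short-form length; 1024/2048-bit keys use the long form
        return pos + 2, length
    n = length & 0x7F  # long form: the next n bytes hold the length
    return pos + 2 + n, int.from_bytes(data[pos + 2:pos + 2 + n], "big")

def parse_vrp_rsa_key(hex_text):
    """Decode SEQUENCE { INTEGER n, INTEGER e } from a public-key-code block into (n, e).
    n is read unsigned: VRP omits the 0x00 pad that strict DER adds when the top bit is set."""
    data = bytes.fromhex("".join(hex_text.split()))
    body, body_len = tlv_header(data, 0, 0x30)
    n_off, n_len = tlv_header(data, body, 0x02)
    e_off, e_len = tlv_header(data, n_off + n_len, 0x02)
    if e_off + e_len != body + body_len:
        raise ValueError("key blob length does not match its SEQUENCE header")
    return (int.from_bytes(data[n_off:n_off + n_len], "big"),
            int.from_bytes(data[e_off:e_off + e_len], "big"))

def mpint(value):
    """RFC 4251 mpint: length-prefixed big-endian bytes, 0x00-padded if the top bit is set."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return struct.pack(">I", len(raw)) + raw

def ssh_rsa_fingerprint(n, e):
    """SHA256 fingerprint of the ssh-rsa wire blob, in the form an OpenSSH client prints."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
```

Feeding the block from the AR-2 dump to parse_vrp_rsa_key gives AR-1's fingerprint in the same way; the decoded modulus length also makes the 512-bit default from step 3 visible, which is a reason to choose a larger modulus at the "Input the bits in the modulus" prompt.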