Huawei eNSP lab: SSH remote login using RSA key exchange

Lab topology:

Lab procedure:

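1. AR1 acts as the client; AR2 acts as the remote login server

2. Enable the SSH service on AR2 and configure a local AAA user

3. Exchange the host keys of AR1 and AR2

4. Log in to AR2 remotely from AR1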

Lab configuration:

First, configure the IP addresses of AR1 and AR2

[AR1]int GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.1.1 24

[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 192.168.1.2 24

Enable the SSH service on AR2 and configure the local AAA user template

[AR2]stelnet server enable
[AR2]user-interface vty 0 4	
[AR2-ui-vty0-4]authentication-mode aaa 
[AR2-ui-vty0-4]protocol inbound ssh 
[AR2-ui-vty0-4]quit 
[AR2]aaa
[AR2-aaa]local-user jjh password cipher 123
[AR2-aaa]local-user jjh service-type ssh
[AR2-aaa]local-user jjh privilege level 13

Create local key pairs on AR1 and AR2

[AR1]rsa local-key-pair create 
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:512
Generating keys...
........................++++++++++++
...........++++++++++++
.....++++++++
......++++++++

[AR2]rsa local-key-pair create 
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:512
Generating keys...
........................++++++++++++
...........++++++++++++
.....++++++++
......++++++++

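View and copy the host keys of AR1 and AR2 (from 3047 through 010001; the output contains both a Host key and a Server key, so look carefully and do not pick the wrong one)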

[AR1]dis rsa local-key-pair public 
=====================================================
Time of Key pair created: 2024-04-04 10:02:15-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
  0240
    CE7B3444 08289AFC 692BCF29 81C1CA0A E6B65115
    8F5EEDE9 212B48ED 5D21B4E8 3C44DC57 D59B6BC6
    845A7BA8 3F7DF5B2 9C7CD9E4 CA9192DE 7090A124
    151DBA69 
  0203
    010001


[AR2]dis rsa local-key-pair public 
=====================================================
Time of Key pair created: 2007-08-25 16:35:02-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
  0240
    C974420D DD712C58 36A67819 362FEB9C 9C17E326
    24101B32 C272F9C9 E3CD06EB C2C73F7C BC89A0E0
    994995EF 7885F359 57B25237 3D441556 A050F823
    6087E121 
  0203
    010001
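
The key code copied in this step is a DER-encoded RSA public key: 30 47 opens a SEQUENCE, 02 40 introduces the 64-byte (512-bit) modulus, and 02 03 010001 is the public exponent 65537. The Python parser below is an added example, not part of the original post; it decodes a pasted key code so the key size can be checked and a fingerprint compared on both routers before the key is entered as a peer key. The function names and the 2048-bit threshold (MIN_BITS) are assumptions of this example.

```python
import hashlib

# Key code of AR2, copied from the display output on this page.
AR2_KEY_CODE = """
3047
  0240
    C974420D DD712C58 36A67819 362FEB9C 9C17E326
    24101B32 C272F9C9 E3CD06EB C2C73F7C BC89A0E0
    994995EF 7885F359 57B25237 3D441556 A050F823
    6087E121
  0203
    010001
"""
MIN_BITS = 2048  # assumed policy threshold, not a value from the page


def _read_tlv(buf, pos, tag):
    """Read one DER TLV at pos; return (value bytes, next position)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated key code")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Decode a pasted key code (whitespace ignored) into a summary dict."""
    der = bytes.fromhex("".join(text.split()))
    body, end = _read_tlv(der, 0, 0x30)      # SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    n_raw, pos = _read_tlv(body, 0, 0x02)    # INTEGER: modulus
    e_raw, pos = _read_tlv(body, pos, 0x02)  # INTEGER: public exponent
    if pos != len(body):
        raise ValueError("unexpected data after exponent")
    # Read as unsigned: the output above has no leading 00 on the modulus.
    bits = int.from_bytes(n_raw, "big").bit_length()
    return {"bits": bits, "exponent": int.from_bytes(e_raw, "big"),
            "sha256": hashlib.sha256(der).hexdigest(), "weak": bits < MIN_BITS}


if __name__ == "__main__":
    print(parse_key_code(AR2_KEY_CODE))
```

A key code that was cut short while copying raises ValueError instead of producing a fingerprint, and the 512-bit key generated in this lab is reported with "weak" set.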

Enter each other's public key on AR1 and AR2

[AR1]rsa peer-public-key ar2	
[AR1-rsa-public-key]public-key-code begin 
[AR1-rsa-key-code]3047
[AR1-rsa-key-code]
[AR1-rsa-key-code]  0240
[AR1-rsa-key-code]
[AR1-rsa-key-code]    C974420D DD712C58 36A67819 362FEB9C 9C17E326
[AR1-rsa-key-code]
[AR1-rsa-key-code]    24101B32 C272F9C9 E3CD06EB C2C73F7C BC89A0E0
[AR1-rsa-key-code]
[AR1-rsa-key-code]    994995EF 7885F359 57B25237 3D441556 A050F823
[AR1-rsa-key-code]
[AR1-rsa-key-code]    6087E121 
[AR1-rsa-key-code]
[AR1-rsa-key-code]  0203
[AR1-rsa-key-code]
[AR1-rsa-key-code]    010001
[AR1-rsa-key-code]public-key-code end 
[AR1-rsa-public-key]peer-public-key end 


[AR2]rsa peer-public-key ar1
[AR2-rsa-public-key]public-key-code begin 
[AR2-rsa-key-code]3047
[AR2-rsa-key-code]
[AR2-rsa-key-code]  0240
[AR2-rsa-key-code]
[AR2-rsa-key-code]    CE7B3444 08289AFC 692BCF29 81C1CA0A E6B65115
[AR2-rsa-key-code]
[AR2-rsa-key-code]    8F5EEDE9 212B48ED 5D21B4E8 3C44DC57 D59B6BC6
[AR2-rsa-key-code]
[AR2-rsa-key-code]    845A7BA8 3F7DF5B2 9C7CD9E4 CA9192DE 7090A124
[AR2-rsa-key-code]
[AR2-rsa-key-code]    151DBA69 
[AR2-rsa-key-code]
[AR2-rsa-key-code]  0203
[AR2-rsa-key-code]
[AR2-rsa-key-code]    010001
[AR2-rsa-key-code]public-key-code end 
[AR2-rsa-public-key]peer-public-key end 

Assign the key to the SSH user and select the authentication type

[AR2]ssh user jjh assign rsa-key ar1
[AR2]ssh user jjh authentication-type rsa

AR1 can now log in to AR2 remotely using the key

[AR1]ssh client first-time enable 
[AR1]stelnet 192.168.1.2
Please input the username:jjh
Trying 192.168.1.2 ...
Press CTRL+K to abort
Connected to 192.168.1.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 192.168.1.2. Please wait...
<AR2>

The other SSH method, logging in with a username and password, is covered in the second article posted on my homepage
