华为设备SSH远程登录配置

最新推荐文章于 2024-05-29 16:42:48 发布

明眸-VLANif

最新推荐文章于 2024-05-29 16:42:48 发布

阅读量3.1k

点赞数 20

文章标签：网络

本文链接：https://blog.csdn.net/m0_68364521/article/details/136192715

版权

文章目录

- 概要
- 场景及实施流程
- 技术细节
- 小结

概要

由于Telnet缺少安全的认证方式，且传输过程采用明文传输，存在很大安全隐患（FTP也采用明文传输密码和数据）。

STelnet是Secure Telnet 的简称，服务器通过对客户端的认证以及双向数据加密，为网络终端提供安全的Telnet服务。

SSH（Secure Shell）是一个网络安全协议，通过认证功能和数据加密，保护设备不受IP地址欺诈、明文密码截取等攻击。

场景及实施流程

由于eNSP软件自带PC没有SSH客户端，本实验采用两台路由器模拟。R1为客户端，R2为服务器。

图1

1、配置互联接口

[Huawei]sys R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 1.1.1.1 24

[Huawei]sys R2
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 1.1.1.2 24

2、开启服务器端SSH功能（默认关闭）

[R2]stelnet server enable
Info: Succeeded in starting the STELNET server.

3、在SSH服务器端生成本地RSA密钥对，配合后期验证登录

[R2]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
..++++++++++++
...................++++++++++++
..............................................++++++++
.++++++++

[R2]dis rsa local-key-pair public 

=====================================================
Time of Key pair created: 2024-02-21 14:57:11-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
  0240
    C4D3F662 41482AFE A51CE29A E688F2B1 89778E41
    59FE9C84 9547F622 CBB355FB 7D03A802 4BDEB381
    880476FD EC42BCE9 782F53D2 2364F565 8343516F
    B15AA441 
  0203
    010001

=====================================================
Time of Key pair created: 2024-02-21 14:57:17-08:00
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
  0260
    C38BCDC6 FF7A8ED9 6E2F6EC3 6BE6D801 22078E73
    A8F7DC24 03F43E7B 32777922 C61A4AAD 53D1EF91
    D42C7348 AD92C321 A4BF7C2A C90BE34C 429907AD
    A1C1E810 1B31E0A7 70C3CF69 4499297E E6668B45
    18DD6809 C906A517 24C8FC0A E6C5E429 
  0203
    010001

4、配置aaa视图

[R2]aaa
[R2-aaa]local-user Admin password cipher huawei privilege level 15
[R2-aaa]local-user Admin service-type ssh

5、配置vty用户界面参数

[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode aaa
[R2-ui-vty0-4]protocol inbound ssh

6、创建SSH用户

[R2]ssh user Admin authentication-type password

7、使用Stelnet命令连接SSH服务器

<R1>sys
Enter system view, return user view with Ctrl+Z.
[R1]stelnet 1.1.1.2
Please input the username:Admin
Trying 1.1.1.2 ...
Press CTRL+K to abort
Connected to 1.1.1.2 ...
Error: Failed to verify the server's public key.
Please run the command "ssh client first-time enable"to enable the first-time ac
cess function and try again.
[R1]ssh client first-time enable
[R1]stelnet 1.1.1.2
Please input the username:Admin
Trying 1.1.1.2 ...
Press CTRL+K to abort
Connected to 1.1.1.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Feb 21 2024 14:55:37-08:00 R1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server ha
d not been authenticated in the process of exchanging keys. When deciding whethe
r to continue, the user chose Y. 
[R1]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 1.1.1.2. Please wait...

Feb 21 2024 14:55:44-08:00 R1 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding wheth
er to save the server's public key 1.1.1.2, the user chose Y. 
[R1]
Enter password:
<R2>sys
Enter system view, return user view with Ctrl+Z

注：第一次登录时，客户端需要开启首次认证功能，本次将不会验证SSH服务器端的RSA公钥；登录后系统将自动分配并保存RSA公钥，在下次登录时验证。

技术细节

SSH基于TCP协议22端口传输数据，支持Password认证。客户端向服务器发送Password认证请求，将用户名和密码加密后发送给服务器，服务器解密后与自身保存的用户名和密码进行比对，并返还认证成功或失败消息。