1,telnet
[Huawei]telnet server enable
[Huawei]aaa
[Huawei-aaa]local-user admin password cipher 123456
[Huawei-aaa]local-user admin privilege level 15
[Huawei-aaa]local-user admin service-type telnet[Huawei]user-interface vty 0 4 进入虚拟视图
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-ui-vty0-4]protocol inbound telnet/all
登录:
telnet IP
2,SSH 加密远程登录
1.数据传输是加密的
2.可以通过SFTP进行上传下载
3.扩展性强
SSH 加密远程登录,相对于telnet较为复杂
AR1:
[AR1]stelnet server enable 开启ssh登录功能
[AR1]aaa
[AR1-aaa]local-user admin password cipher 123456 设置密码
[AR1-aaa]local-user admin privilege level 15 设置用户等级
[AR1-aaa]local-user admin service-type ssh 设置该用户用于ssh服务[AR1]user-interface vty 0 4 进入虚拟线路0 4
[AR1-ui-vty0-4]authentication-mode aaa 设置认证模式AAA
[AR1-ui-vty0-4]protocol inbound ssh 设置只允许ssh[AR1]ssh user admin authentication-type password 设置用户user01认证访方式为密码认证
[AR1]ssh user admin service-type stelnet[AR1]rsa local-key-pair create 创建SSH使用的公钥和私钥
AR2
[AR2]ssh client first-time enable 开启ssh登录功能
[AR2]stelnet 12.1.1.1 尝试登录
以下可以忽略:
[Huawei]aaa
[Huawei-aaa]authentication-scheme auth1
配置域的认证方案(缺省情况下,域使用名为“default”的认证方案)
[Huawei-aaa-authen-auth1]authentication-mode local
设置为本地认证(缺省情况下,认证方式为本地认证)
[Huawei-aaa-authen-auth1]q
[Huawei-aaa]authorization-scheme auth2
配置域的授权方案(缺省情况下,域下没有绑定授权方案)
[Huawei-aaa-authen-auth2]authorization-mode local
配置当前授权方案使用的授权方式(缺省情况下,授权模式为本地授权方式)
[Huawei-aaa-authen-auth2]q
[Huawei-aaa]domain huawei 创建域
[Huawei-aaa-domain-huawei]authentication-scheme auth1 配置域的认证方案
[Huawei-aaa-domain-huawei]authorization-scheme auth2 配置域的授权方案
Huawei-aaa]local-user sb password cipher 123456
[Huawei-aaa]local-user sb service-type telnet
[Huawei-aaa]local-user sb privilege level 3
[Huawei-aaa]q
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-ui-vty0-4]q
登录方式:
在系统视图 telnet 192.168.1.1