网络安全-防火墙shh连接-ensp

拓扑图

配置

Xshell for Xmanager Enterprise 5 (Build 0544)
Copyright (c) 2002-2015 NetSarang Computer, Inc. All rights reserved.

Type `help' to learn how to use Xshell prompt.
[c:\~]$ 

Connecting to 127.0.0.1:2000...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.

<USG6000V1>sy
sy
Enter system view, return user view with Ctrl+Z.
[USG6000V1]
Sep  7 2018 03:26:52 USG6000V1 %%01LOCATION/4/UPDATESUCCESS(l)[0]:Succeed in initializing signature database. (SyslogId=1, Module=LOCATION-SDB, Pre-UpdateVersion=0, Update
Version=2014010414, Status=init-load, Duration(s)=193)[USG6000V1]
           ^
Error: Unrecognized command found at '^' position.
 

<USG6000V1>sy
sy
Enter system view, return user view with Ctrl+Z.
[USG6000V1]

[USG6000V1]

[USG6000V1]

[USG6000V1]stelnet server en
stelnet server en
Info: Succeeded in starting the Stelnet server.
[USG6000V1]
Sep  7 2018 03:41:15 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.19
1.3.1 configurations have been changed. The current change number is 1, the change loop count is 0, and the maximum number of records is 4095.
[USG6000V1]int g 0/0/0
int g 0/0/0
[USG6000V1-GigabitEthernet0/0/0]dis th
dis th
#
interface GigabitEthernet0/0/0
 undo shutdown
 ip binding vpn-instance default
 ip address 192.168.0.1 255.255.255.0
 service-manage http permit
 service-manage https permit
 service-manage ping permit
 service-manage ssh permit
 service-manage snmp permit
 service-manage telnet permit
 service-manage netconf permit
#
return

[USG6000V1-GigabitEthernet0/0/0]rsa local-key-pair create
rsa local-key-pair create
The key name will be: USG6000V1_Host
The range of public key size is (512 ~ 2048). 
NOTES: If the key modulus is greater than 512, 
       it will take a few minutes.
Input the bits in the modulus[default = 2048]:

 

//在这我默认2048

Generating keys...
...+++++
........................++
....++++
...........++

[USG6000V1]

[USG6000V1]user-interface vty 0 4
user-interface vty 0 4
[USG6000V1-ui-vty0-4]

[USG6000V1-ui-vty0-4]au aaa
au aaa
Warning: The level of the user-interface(s) will be the default level of AAA users,
 please check whether it is correct.

[USG6000V1-ui-vty0-4]

[USG6000V1-ui-vty0-4]authentication-mode aaa
authentication-mode aaa
Warning: The level of the user-interface(s) will be the default level of AAA users,
 please check whether it is correct.

[USG6000V1-ui-vty0-4]aaa
aaa
[USG6000V1-aaa]manager xumin
manager xumin
[USG6000V1-aaa-manager-user-xumin]
Sep  7 2018 04:36:15 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.19
1.3.1 configurations have been changed. The current change number is 2, the change loop count is 0, and the maximum number of records is 4095.

 

[USG6000V1-aaa-manager-user-xumin]service-type ssh
service-type ssh
[USG6000V1-aaa-manager-user-xumin]
Sep  7 2018 04:38:25 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.19
1.3.1 configurations have been changed. The current change number is 3, the change loop count is 0, and the maximum number of records is 4095.

[USG6000V1-aaa-manager-user-xumin]password cipher xumin@123
password cipher xumin@123
Info: You are advised to config on man-machine mode.
[USG6000V1-aaa-manager-user-xumin]
Sep  7 2018 04:39:35 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.19
1.3.1 configurations have been changed. The current change number is 4, the change loop count is 0, and the maximum number of records is 4095

[USG6000V1-aaa-manager-user-xumin]level 15
level 15
[USG6000V1-aaa-manager-user-xumin]
Sep  7 2018 04:40:35 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.19
1.3.1 configurations have been changed. The current change number is 5, the change loop count is 0, and the maximum number of records is 4095.
[USG6000V1-aaa-manager-user-xumin]q
q
[USG6000V1-aaa]q
q
[USG6000V1]ssh authentication-type default password
ssh authentication-type default password
           ^
Error: Unrecognized command found at '^' position.
[USG6000V1]ssh au default password
ssh au default password
[USG6000V1]
Sep  7 2018 04:43:05 USG6000V1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.19
1.3.1 configurations have been changed. The current change number is 6, the change loop count is 0, and the maximum number of records is 4095.[USG6000V1]
Sep  7 2018 04:44:33 USG6000V1 %%01SSH/4/SSH_FAIL(s)[1]:Failed to login through SSH
. (IP=192.168.0.103, VpnInstanceName=default, UserName=xumin, Times=1, FailedReason=User password authentication failed)

[USG6000V1]int g 0/0/0
int g 0/0/0
[USG6000V1-GigabitEthernet0/0/0]dis th
dis th
#
interface GigabitEthernet0/0/0
 undo shutdown
 ip binding vpn-instance default
 ip address 192.168.0.1 255.255.255.0
 service-manage http permit
 service-manage https permit
 service-manage ping permit
 service-manage ssh permit
 service-manage snmp permit
 service-manage telnet permit
 service-manage netconf permit
#
return
[USG6000V1-GigabitEthernet0/0/0]
Sep  7 2018 04:52:14 USG6000V1 %%01SSH/4/SSH_FAIL(s)[3]:Failed to login through SSH
. (IP=192.168.0.103, VpnInstanceName=default, UserName=, Times=1, FailedReason=The user login timed out)[USG6000V1-GigabitEthernet0/0/0]
 

 

 连接

 

确认后确定进入【输入安全外壳密码】输入用户名和密码

 改此用户名新密码，必须改写

关于ensp（510版）中usg5500和6000的区别

5500：permit到区域

关于usg6000防火墙可以和连接的设备之间ping通，默认不允许，需要进入端口开启这个功能service-manage ping permit，哪个放行哪个可通

关于usg5500防火墙可以和连接的设备之间ping通，默认不允许，可在全局模式下permit区域间ping功能：部分代码firewall packet-filter default permit interzone 区域间