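SSH Remote Management
I. Lab requirements
SW1 acts as the SSH client and logs in to and manages the SSH server R1.
In practice, the client is a computer running PuTTY or SecureCRT.
Key configuration points
1. Set IP addresses so the devices can communicate
2. Enable the SSH service
3. Enable vty 0 4 and set the user level
Lab steps
1. Set IP addresses so the devices can communicate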
[H3C]sysn R1
[R1]int g0/0
[R1-GigabitEthernet0/0]ip a 10.1.11.1 29
[H3C]SYS SW1
[SW1]int vlan 1
[SW1-Vlan-interface1]ip a 10.1.11.2 29
[SW1-Vlan-interface1]ping 10.1.11.2
Ping 10.1.11.2 (10.1.11.2): 56 data bytes, press CTRL_C to break
56 bytes from 10.1.11.2: icmp_seq=0 ttl=255 time=0.000 ms
56 bytes from 10.1.11.2: icmp_seq=1 ttl=255 time=0.000 ms
2. Enable the SSH service and vty 0 4, and set the user level
[R1]ssh ser en
[R1]line vty 0 4
[R1-line-vty0-4]authentication-mode scheme
[R1-line-vty0-4]protocol inbound ssh # allow SSH login
[R1-line-vty0-4]qu
[R1]local-user abc cl manage
[R1-luser-manage-abc]password simple 123456789a
[R1-luser-manage-abc]authorization-attribute user-role level-15
[R1-luser-manage-abc]service-type ssh
3. Verification
<SW1>ssh 10.1.11.1
Username: abc
Press CTRL+C to abort.
Connecting to 10.1.11.1 port 22.
The server is not authenticated. Continue? [Y/N]: y
Do you want to save the server public key? [Y/N]:y
abc@10.1.11.1's password:
Enter a character ~ and a dot to abort.
******************************************************************************
* Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<R1>sys
System View: return to User View with Ctrl+Z.
[R1]dis users
Idx Line Idle Time Pid Type
0 CON 0 00:01:38 Nov 13 09:12:43 10958
+ 66 VTY 0 00:00:00 Nov 13 09:17:28 10972 SSH
Following are more details.
VTY 0 :
User name: abc
Location: 10.1.11.2
+ : Current operation user.
F : Current operation user works in async mode.
[R1]
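Core knowledge - enabling the SSH service
1. vty: virtual teletype terminal
2. 0 4 means up to 5 user sessions can be connected at the same time: 0, 1, 2, 3, 4
3. The three authentication-mode options
none      remote maintenance login requires no password
scheme    username and password authentication mode
password  password authentication
① scheme: username and password authentication mode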
[SW1]ssh server enable
[SW1]line vty 0 4
[SW1-line-vty0-4]authentication-mode scheme
[SW1-line-vty0-4]qu
[SW1]local-user abc class manage
[SW1-luser-manage-abc]password simple 123456789a # requires 10 characters
[SW1-luser-manage-abc]authorization-attribute user-role level-15 # set the authorized access level
[SW1-luser-manage-abc]service-type ssh # set the access service type to
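A check for the three authentication-mode options above, as an added example that is not part of the original notes: it parses `line vty` blocks from configuration text and reports lines that are not set to scheme or not limited to SSH by `protocol inbound ssh`. The sample text is constructed, full keywords (not abbreviations such as `ssh ser en`) are assumed, and treating a line without `protocol inbound ssh` as accepting other protocols is an assumption about the device default.

```python
import re

# Constructed sample configuration text (not from a real device); full keywords assumed.
SAMPLE = """\
line vty 0 4
 authentication-mode scheme
 protocol inbound ssh
line vty 5 9
 authentication-mode none
line vty 10 14
 authentication-mode password
 protocol inbound telnet
"""

def parse_vty_blocks(text):
    """Map (first, last) VTY numbers to the auth mode and inbound protocol set on them."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"line vty (\d+)(?: (\d+))?", line)
        if m:
            first = int(m.group(1))
            last = int(m.group(2) or first)
            current = blocks.setdefault((first, last), {"auth": None, "proto": None})
        elif not raw.startswith(" "):
            current = None  # an unindented line ends the block
        elif current is not None and line.startswith("authentication-mode "):
            current["auth"] = line.split()[1]
        elif current is not None and line.startswith("protocol inbound "):
            current["proto"] = line.split()[2]
    return blocks

def audit_vty(text):
    """Return (line range, issue) pairs for VTY lines that differ from the scheme + SSH setup."""
    findings = []
    for (first, last), cfg in sorted(parse_vty_blocks(text).items()):
        where = f"vty {first}-{last} ({last - first + 1} sessions)"
        if cfg["auth"] == "none":
            findings.append((where, "authentication-mode none: login requires no password"))
        elif cfg["auth"] != "scheme":
            findings.append((where, "authentication-mode is not scheme (username + password)"))
        # Assumption: without an explicit 'protocol inbound ssh' the line accepts other protocols.
        if cfg["proto"] != "ssh":
            findings.append((where, "line is not restricted with 'protocol inbound ssh'"))
    return findings

if __name__ == "__main__":
    for where, issue in audit_vty(SAMPLE):
        print(f"{where}: {issue}")
```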
Questions
[R1]ssh ser en
[R1]line vty 0 4
[R1-line-vty0-4]authentication-mode scheme
[R1-line-vty0-4]protocol inbound ssh # allow SSH login
[R1-line-vty0-4]qu
[R1]local-user abc cl manage
[R1-luser-manage-abc]password simple 123456789a
[R1-luser-manage-abc]authorization-attribute user-role level-15 # should the user level be set under line vty 0 4?
[R1-luser-manage-abc]service-type ssh
Troubleshooting approach
Collected general commands
reset sa    restore the device's default settings
reb         reboot
un in en    turn off prompt messages