华为交换机ssh思科交换机_配置华为交换机ssh方式登录

LAB2： 配置SSH登陆(Passworkd认证)

1.配置VTY界面的认证方式和协议

[HW_FW]user-interface vty 0 4

[HW_FW-ui-vty0-4]authentication-mode aaa

[HW_FW-ui-vty0-4]protocol inbound ssh

2.创建SSH用户，认证方式为password

[HW_FW]ssh user sshuser

[HW_FW]ssh user sshuser authentication-type password

3.配置Client的密码为C1sco123，服务方式为ssh

[HW_FW]aaa

[HW_FW-aaa]local-user sshuser password cipher C1sco123

[HW_FW-aaa]local-user sshuser service-type ssh

4.生成密钥对

[HW_FW]rsa local-key-pair create

20:30:02 2014/06/02

The key name will be: HW_FW_Host

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

It will take a few minutes.

Input the bits in the modulus[default = 768]:2048

Generating keys...

.......++++++

...++++++

..........................................++++++++

..............++++++++

5.启用STelent/SFTP服务

[HW_FW]stelnet server enable

[HW_FW]sftp server enable

6.启用STelnet和SFTP

[HW_FW]ssh user sshuser service-type stelnet

[HW_FW]ssh user sshuser service-type sftp

注：如果用户采用SFTP服务登录时，需要执行ssh user sftp-directory命令，配置SSH用

户的SFTP服务授权目录。

7.SSH Client通过STtelnet/SFTP方式连接SSH Server

a.第一次登录，需要激活SSH客户端首次认证功能

[R1]ssh client first-time enable

[SSH.C]stelnet 202.100.1.10

22:00:53 2014/06/02

Please input the username:sshuser

Trying 202.100.1.10 ...

Press CTRL+K to abort

Connected to 202.100.1.10 ...

The server is not authenticated. Continue to access it? [Y/N] :y

Save the server's public key? [Y/N] :y

The server's public key will be saved with the name 202.100.1.10. Please wait...

Enter password:

***********************************************************

* Copyright (C) 2010-2013 Huawei Technologies Co., Ltd. *

* Without the owner's prior written consent, *

* no decompiling or reverse-engineering shall be allowed. *

* Notice: *

* This is a private communication system. *

* Unauthorized access or use may lead to prosecution. *

***********************************************************

Note: The max number of VTY users is 5, and the current number

of VTY users on line is 1.

1.查看SSH状态信息

HW_FW]display ssh server status

21:19:13 2014/06/02

SSH version : 1.99

SSH connection timeout : 60 seconds

SSH server key generating interval : 0 hours

SSH authentication retries : 3 times

SFTP server : Enable

STELNET server : Enable

2.查看SSH用户信息

[HW_FW]display ssh user-information

User 1:

User Name : cisco

Authentication-type : password

User-public-key-name : -

Sftp-directory : -

Service-type : sftp

Authorization-cmd