Lab steps:
1. Basic configuration
2. Configure the SSH server
3. Configure the SSH client
4. Configure the SFTP server and client
The device is running!
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysname r2
[r2]interface g0/0/0
[r2-GigabitEthernet0/0/0]ip add 10.1.1.2 24
[r2-GigabitEthernet0/0/0]quit
[r2]quit
<r2>ping 10.1.1.1
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=120 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 10.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/40/120 ms
<r2>system-view
[r2]rsa local-key-pair create // generate an RSA key pair
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:display rsa local-pair public
% Invalid number, the range is (512 ~ 2048).
[r2]in en
Info: Information center is enabled.
[r2]display rsa local-key-pair public // view the public keys
=====================================================
Time of Key pair created: 2007-08-25 16:35:02-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
C974420D DD712C58 36A67819 362FEB9C 9C17E326
24101B32 C272F9C9 E3CD06EB C2C73F7C BC89A0E0
994995EF 7885F359 57B25237 3D441556 A050F823
6087E121
0203
010001
=====================================================
Time of Key pair created: 2007-08-25 17:11:59-08:00
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
C1102C7B 2CAB4FAB CD7DCD2C 32D0CCE6 8B995872
2AD83815 39F82B8F 2680B89C A02A8A92 655894E7
48B382E7 B17616E5 01C1B8ED 1D5C7CC3 FFF7453F
E0304E50 D4DBE481 E3CDF7E1 6665569A AC5DEBAE
DC7B048B B954F568 1432935B 92AADCB5
0203
010001
[r2]user-interface vty 0 4 // enter the VTY user-interface view
[r2-ui-vty0-4]authentication-mode aaa // authentication mode: AAA
[r2-ui-vty0-4]protocol inbound ssh // inbound protocol: SSH
[r2-ui-vty0-4]quit
[r2]aaa // enter AAA view to configure authentication and authorization
[r2-aaa]local-user admin password cipher hello // create user admin with password hello
[r2-aaa]local-user admin service-type ssh // service type for admin: ssh
[r2-aaa]quit
[r2]ssh user admin authentication-type password // SSH user admin authenticates by password
Authentication type setted, and will be in effect next time
[r2]aaa
[r2-aaa]local-user admin privilege level 4 // set the user level to 4
[r2-aaa]quit
[r2]stelnet server enable // enable STelnet
Info: Succeeded in starting the STELNET server.
[r2]display ssh user-information admin // view admin's SSH authentication settings
-------------------------------------------------------------------------------
Username Auth-type User-public-key-name
-------------------------------------------------------------------------------
admin password null
-------------------------------------------------------------------------------
[r2]display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Disable
Stelnet server :Enable
[r2]aaa
[r2-aaa]local-user huawei password cipher huawei
Info: Add a new user.
[r2-aaa]local-user huawei service-type ssh
[r2-aaa]local-user huawei privilege level 3
[r2-aaa]local-user huawei ftp-directory flash; // set the directory
[r2-aaa]ssh user huawei authentication-type password
Authentication type setted, and will be in effect next time
[r2]sftp server enable
Info: Succeeded in starting the SFTP server.
[r2]display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Enable
Stelnet server :Enable
[r2]
[r2]aaa
[r2-aaa]local-user huawei ftp-directory flash:
[r2-aaa]quit
[r2]display ssh server session
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 0 2.0 AES run password huawei
--------------------------------------------------------------------
[r2]
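The two `display` outputs captured on r2 above can be checked mechanically. The following Python code is an added example, not part of the original lab: it decodes the Host key's `Key code` dump to get the RSA modulus size and reads the `SSH version` line; the function names and the 2048-bit floor (`min_bits`) are assumptions of this example.

```python
import re

# Samples copied from r2's output on this page: Host key block, one status line.
KEY_OUTPUT = """Key code:
3047
0240
C974420D DD712C58 36A67819 362FEB9C 9C17E326
24101B32 C272F9C9 E3CD06EB C2C73F7C BC89A0E0
994995EF 7885F359 57B25237 3D441556 A050F823
6087E121
0203
010001
"""
STATUS_OUTPUT = "SSH version :1.99"


def _read_tlv(buf, pos, tag):
    """Read one DER TLV with the expected tag; return (value, next_pos)."""
    if buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated key code")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Return (modulus_bits, public_exponent) for one 'Key code:' block."""
    body = text.split("Key code:", 1)[1].split("=", 1)[0]  # stop at separator
    der = bytes.fromhex("".join(body.split()))
    seq, _ = _read_tlv(der, 0, 0x30)      # SEQUENCE { modulus, exponent }
    n_raw, pos = _read_tlv(seq, 0, 0x02)  # INTEGER modulus
    e_raw, _ = _read_tlv(seq, pos, 0x02)  # INTEGER public exponent
    # The dump carries no leading 0x00 sign byte, so decode as unsigned.
    return int.from_bytes(n_raw, "big").bit_length(), int.from_bytes(e_raw, "big")


def audit(key_text, status_text, min_bits=2048):
    """List findings; min_bits is this example's assumed policy floor."""
    findings = []
    bits, _ = parse_key_code(key_text)
    if bits < min_bits:
        findings.append(f"RSA key is {bits} bits, below {min_bits}")
    m = re.search(r"SSH version\s*:\s*(\S+)", status_text)
    if m and m.group(1) != "2.0":
        findings.append(f"SSH version {m.group(1)} still accepts SSH-1 clients")
    return findings
```

For the Host key shown above, `audit(KEY_OUTPUT, STATUS_OUTPUT)` reports a 512-bit modulus, and version 1.99 is the RFC 4253 marker for a server that also accepts SSH-1 clients.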
The device is running!
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysname r1
[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]ip add 10.1.1.1 24
[r1-GigabitEthernet0/0/0]Quit
[r1]ssh client first-time enable // enable SSH client first-time authentication
[r1]stelnet 10.1.1.2
Please input the username:admin
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 10.1.1.2. Please wait...
Enter password:
<r2>sys
Enter system view, return user view with Ctrl+Z.
[r2]display ssh server session // view the session connections
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 0 2.0 AES run password admin
--------------------------------------------------------------------
[r2]quit
<r2>quit
Configuration console exit, please retry to log on
[r1]sftp 10.1.1.2
Please input the username:huawei
Trying 10.1.1.2 ...
Press CTRL+K to abort
Enter password:
sftp-client>