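Huawei SSH Lab
Lab topology:
Lab requirement: log in from the SSH client AR1 to the SSH server using stelnet.
Lab steps:
1. Complete the basic configuration (omitted)
<AR1>sys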
Enter system view, return user view with Ctrl+Z.
[AR1]sys CLIENT
[CLIENT]INT g0/0/0
[CLIENT-GigabitEthernet0/0/0]ip add 10.1.1.1 24  (client address; any free address in 10.1.1.0/24 other than the server's 10.1.1.2)
<AR4>sys
Enter system view, return user view with Ctrl+Z.
[AR4]sys SERVER
[SERVER]INT g0/0/0
[SERVER-GigabitEthernet0/0/0]ip add 10.1.1.2 24
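2. Configure the security key pair on the server. The session below enters 512, the smallest modulus the prompt offers; 512-bit RSA keys can be factored, so outside a lab choose 2048, the largest size the prompt offers.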
[SERVER]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:512
Generating keys...
...++++++++++++
...++++++++++++
...++++++++
...++++++++
[SERVER]
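[SERVER]dis rsa local-key-pair public  (view the public key just created on the server)
3. Create the VTY service on the server
[SERVER]user-interface vty 0 4  (enable the VTY service on VTY lines 0 to 4)
[SERVER-ui-vty0-4]authentication-mode aaa  (use AAA as the authentication mode)
[SERVER-ui-vty0-4]protocol inbound ssh  (define the inbound traffic: only SSH is accepted on these lines)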
[SERVER-ui-vty0-4]q
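4. Configure the AAA service on the server
[SERVER]aaa  (enter the AAA view)
[SERVER-aaa]local-user zyh password cipher huawei  (create local user zyh with password huawei)
[SERVER-aaa]local-user zyh service-type ssh  (the service type of user zyh is ssh)
[SERVER-aaa]local-user zyh privilege level 3  (the privilege level of user zyh is 3)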
[SERVER-aaa]q
5. On the server, configure the authentication type for the SSH user and enable the stelnet service
[SERVER]ssh user zyh authentication-type password
Authentication type setted, and will be in effect next time
[SERVER]stelnet server enable  (this service is disabled by default, so it must be enabled before use)
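One way to check the settings from steps 3 to 5 on a saved configuration, as an added example that is not part of the original lab: the Python function below reports VTY lines that do not use AAA or are not restricted to SSH, a disabled stelnet server, and local users that still allow telnet. Both sample configurations are constructed, and the name audit is hypothetical.

```python
import re

# Constructed samples in the style of `display current-configuration`
# output; not captured from a real device.
LAB_CONFIG = """\
aaa
 local-user zyh password cipher %$%$constructed%$%$
 local-user zyh privilege level 3
 local-user zyh service-type ssh
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
#
stelnet server enable
ssh user zyh authentication-type password
"""

WEAK_CONFIG = """\
aaa
 local-user zyh service-type telnet ssh
#
user-interface vty 0 4
 authentication-mode password
 protocol inbound all
"""

# A "user-interface vty" header line followed by its indented body lines.
VTY_BLOCK = re.compile(r"^(user-interface vty [^\n]*)\n((?:[ \t]+[^\n]*\n?)*)", re.M)


def audit(config):
    """Return a list of findings for the settings made in lab steps 3 to 5."""
    findings = []
    for header, body in VTY_BLOCK.findall(config):
        lines = [line.strip() for line in body.splitlines()]
        if "authentication-mode aaa" not in lines:
            findings.append(f"{header}: authentication-mode is not aaa")
        if "protocol inbound ssh" not in lines:
            findings.append(f"{header}: inbound protocol is not restricted to ssh")
    if not re.search(r"^\s*stelnet server enable\s*$", config, re.M):
        findings.append("stelnet server is not enabled")
    for user, services in re.findall(r"^\s*local-user (\S+) service-type (.+)$", config, re.M):
        if "telnet" in services.split():
            findings.append(f"local-user {user}: telnet service-type allowed")
    return findings
```
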
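6. Configure the client
<CLIENT>sys
[CLIENT]ssh client first-time enable  (enable first-time authentication on the SSH client: the server's public key is accepted and saved on the first connection without being checked against a preconfigured key)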
7. Run the test
[CLIENT]stelnet 10.1.1.2
Please input the username:zyh
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 10.1.1.2. Please wait...
Enter password:
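The client logged in securely to the remote server device over SSH; the lab succeeded.
Summary: configuring stelnet login to the target device is somewhat tedious, but security is greatly improved; in particular, the choice of key-pair strength combined with the SSH protocol gives a strong security guarantee.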