实验内容
使用 AR1 作为 SSH 的 Server,AR2 作为 SSH 的 Client, 模拟用户从 AR2 通过 SSH 登陆到 AR1.
- AR1 IP:192.168.1.1
- AR2 IP:192.168.1.10
user:admin,password:hello, 有管理权限
user:gust,password:nihao, 有监控权限
AR1(192.168.1.1), 配置如下:
- <Huawei>system-view
- [Huawei]sysname AR1
- [AR1]rsa local-key-pair create
- The key name will be: Host
- % RSA keys defined for Host already exist.
- Confirm to replace them? (y/n)[n]:y
- The range of public key size is (512 ~ 2048).
- NOTES: If the key modulus is greater than 512,
- It will take a few minutes.
- Input the bits in the modulus[default = 512]:
- Generating keys...
- .............++++++++++++
- ..++++++++++++
- .......................++++++++
- .......++++++++
- [AR1]interface g0/0/0
- [AR1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
- [AR1-GigabitEthernet0/0/0]aaa
- [AR1-aaa]local-user admin password cipher hello privilege level 3
- [AR1-aaa]local-user gust password cipher nihao privilege level 1
- [AR1-aaa]local-user admin service-type SSH
- [AR1-aaa]local-user gust service-type SSH
- [AR1-aaa]user-interface vty 0 4
- [AR1-ui-vty0-4]protocol inbound SSH
- [AR1-ui-vty0-4]authentication-mode aaa
- [AR1-ui-vty0-4]quit
- [AR1]stelnet server enable
- [AR1]display SSH server status
- SSH version :1.99
- SSH connection timeout :60 seconds
- SSH server key generating interval :0 hours
- SSH Authentication retries :3 times
- SFTP Server :Disable
- Stelnet server :Enable
AR2(192.168.1.2), 配置如下:
- <Huawei>system-view
- [Huawei]sysname AR2
- [AR2]interface g0/0/0
- [AR2-GigabitEthernet0/0/0]ip add 192.168.1.10 24
- [AR2-GigabitEthernet0/0/0]quit
- [AR2]SSH client first-time enable
- [AR2]stelnet 192.168.1.1
- Please input the username:admin
- Trying 192.168.1.1 ...
- Press CTRL+K to abort
- Connected to 192.168.1.1 ...
- The server is not authenticated. Continue to access it? (y/n)[n]:y
- Jan 22 2020 23:57:43-08:00 AR2 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[1]:The server h
- ad not been authenticated in the process of exchanging keys. When deciding wheth
- er to continue, the user chose Y.
- [AR2]
- Save the server's public key? (y/n)[n]:y
- The server's public key will be saved with the name 192.168.1.1. Please wait...
- Jan 22 2020 23:57:44-08:00 AR2 %%01SSH/4/SAVE_PUBLICKEY(l)[2]:When deciding whet
- her to save the server's public key 192.168.1.1, the user chose Y.
- [AR2]
- Enter password:
- <AR1>system-view
- Enter system view, return user view with Ctrl+Z.
- [AR1]display SSH server session
- --------------------------------------------------------------------
- Conn Ver Encry State Auth-type Username
- --------------------------------------------------------------------
- VTY 0 2.0 AES run password admin
- --------------------------------------------------------------------
来源: http://www.bubuko.com/infodetail-3393673.html