实验内容
使用AR1作为SFTP的Server,AR2作为SFTP的Client,模拟用户从AR2通过SFTP登陆到AR1。
AR1 IP:192.168.1.1
AR2 IP:192.168.1.10
user:admin1,password:admin1,有管理权限
AR1(192.168.1.1),配置如下:
<Huawei>syste
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR1
[AR1]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.......++++++++++++
..............++++++++++++
..........................................................++++++++
.....++++++++
[AR1]interface g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[AR1-GigabitEthernet0/0/0]aaa
[AR1-aaa]local-user admin1 password cipher admin1 privilege level 3
[AR1-aaa]local-user admin1 service-type ssh
[AR1-aaa]local-user admin1 ftp-directory flash:
[AR1-aaa]user-interface vty 0 4
[AR1-ui-vty0-4]protocol inbound ssh
[AR1-ui-vty0-4]authentication-mode aaa
[AR1-ui-vty0-4]quit
[AR1]sftp server enable
[AR1]display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Enable
Stelnet server :Disable
[AR1]display ssh server session
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 0 2.0 AES run password admin1
---------------------------------------------------------------
AR2(192.168.1.10),配置如下:
<Huawei>system-view
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.168.1.10 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]ssh client first-time enable
[Huawei]sftp 192.168.1.1
Please input the username:admin1
Trying 192.168.1.1 ...
Press CTRL+K to abort
The server is not authenticated. Continue to access it? (y/n)[n]:y
Jan 23 2020 00:43:51-08:00 Huawei %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[2]:The serve
r had not been authenticated in the process of exchanging keys. When deciding wh
ether to continue, the user chose Y.
sftp-client>
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 192.168.1.1. Please wait...
Jan 23 2020 00:43:53-08:00 Huawei %%01SSH/4/SAVE_PUBLICKEY(l)[3]:When deciding w
hether to save the server's public key 192.168.1.1, the user chose Y.
sftp-client>
Enter password:
sftp-client>
来源:51CTO
作者:大帅儿二郎
链接:https://blog.51cto.com/yuanshuai/2468296