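Lab overview
AR1 acts as the SSH server and AR2 as the SSH client, simulating a user logging in from AR2 to AR1 over SSH.
AR1 IP: 192.168.1.1
AR2 IP: 192.168.1.10
user: admin, password: hello, with administrative privileges
user: gust, password: nihao, with monitoring privileges
AR1 (192.168.1.1) is configured as follows: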
<Huawei>system-view
[Huawei]sysname AR1
[AR1]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.............++++++++++++
..++++++++++++
.......................++++++++
.......++++++++
[AR1]interface g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[AR1-GigabitEthernet0/0/0]aaa
[AR1-aaa]local-user admin password cipher hello privilege level 3
[AR1-aaa]local-user gust password cipher nihao privilege level 1
[AR1-aaa]local-user admin service-type ssh
[AR1-aaa]local-user gust service-type ssh
[AR1-aaa]user-interface vty 0 4
[AR1-ui-vty0-4]protocol inbound ssh
[AR1-ui-vty0-4]authentication-mode aaa
[AR1-ui-vty0-4]quit
[AR1]stelnet server enable
[AR1]display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Disable
Stelnet server :Enable
AR2 (192.168.1.2) is configured as follows:
<Huawei>system-view
[Huawei]sysname AR2
[AR2]interface g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 192.168.1.10 24
[AR2-GigabitEthernet0/0/0]quit
[AR2]ssh client first-time enable
[AR2]stelnet 192.168.1.1
Please input the username:admin
Trying 192.168.1.1 ...
Press CTRL+K to abort
Connected to 192.168.1.1 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Jan 22 2020 23:57:43-08:00 AR2 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[1]:The server h
ad not been authenticated in the process of exchanging keys. When deciding wheth
er to continue, the user chose Y.
[AR2]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 192.168.1.1. Please wait...
Jan 22 2020 23:57:44-08:00 AR2 %%01SSH/4/SAVE_PUBLICKEY(l)[2]:When deciding whet
her to save the server's public key 192.168.1.1, the user chose Y.
[AR2]
Enter password:
<AR1>system-view
Enter system view, return user view with Ctrl+Z.
[AR1]display ssh server session
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 0 2.0 AES run password admin
--------------------------------------------------------------------
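The console output above shows three settings worth checking on any device configured this way: the RSA modulus prompt was answered with the 512-bit default, the server reports SSH version 1.99 (the version string a server uses when it also supports SSH-1.x), and the client logged that it continued with an unauthenticated server key. The Python script below is an added example, not part of the original post; the function names and the 2048-bit policy floor are assumptions, and the sample input is constructed from the output shown above.

```python
import re

# Constructed sample: lines taken from the AR1 and AR2 console output above
# (the AR2 log message is cut after its mnemonic).
SAMPLE = """\
[AR1]rsa local-key-pair create
Input the bits in the modulus[default = 512]:
[AR1]display ssh server status
SSH version :1.99
SSH Authentication retries :3 times
Stelnet server :Enable
Jan 22 2020 23:57:43-08:00 AR2 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[1]:The server
"""

MIN_RSA_BITS = 2048  # assumption: local policy floor, not a value from the post


def rsa_bits(text):
    """Modulus size typed at the key prompt; an empty answer means the default."""
    m = re.search(r"modulus\[default = (\d+)\]:[ \t]*(\d*)", text)
    return int(m.group(2) or m.group(1)) if m else None


def parse_status(text):
    """Collect the 'name :value' lines of 'display ssh server status'."""
    pairs = (re.match(r"^([A-Za-z][\w ]*?)\s+:(\S.*)$", ln) for ln in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in pairs if m}


def audit(text):
    """Return a list of findings for one captured console session."""
    findings = []
    bits = rsa_bits(text)
    if bits is not None and bits < MIN_RSA_BITS:
        findings.append(f"RSA host key is {bits} bits (minimum {MIN_RSA_BITS})")
    if parse_status(text).get("SSH version") == "1.99":
        findings.append("SSH version 1.99: SSH-1.x clients are still accepted")
    if "SSH/4/CONTINUE_KEYEXCHANGE" in text:
        findings.append("client accepted an unauthenticated server host key")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("[!]", finding)
```

A session in which 2048 is typed at the modulus prompt, the status shows version 2.0, and no CONTINUE_KEYEXCHANGE message appears produces no findings.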
Source: 51CTO
Author: 大帅儿二郎
Link: https://blog.51cto.com/yuanshuai/2468295