SSH

稚, published 2024-08-26, 42 views



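First, enable the STelnet function globally with stelnet server enable. AR1 is configured to log in to AR2 with a password, and AR3 is configured to log in to AR2 without a password, using an RSA key.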

AR1

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysn AR1
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 10.0.12.1 24
[AR1]ssh client first-time enable # first-time login
[AR1]stelnet 10.0.12.2 1025
Please input the username:ar1
Trying 10.0.12.2 ...
Press CTRL+K to abort
Connected to 10.0.12.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Apr 11 2024 19:22:18-08:00 AR1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server h
ad not been authenticated in the process of exchanging keys. When deciding wheth
er to continue, the user chose Y. 
[AR1]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 10.0.12.2. Please wait...

Apr 11 2024 19:22:20-08:00 AR1 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding whet
her to save the server's public key 10.0.12.2, the user chose Y. 
[AR1]
Enter password:
<AR2>

AR2

<Huawei>sys

Enter system view, return user view with Ctrl+Z.

[Huawei]sysn AR2

[AR2]int g0/0/0

[AR2-GigabitEthernet0/0/0]ip add 10.0.12.2 24

[AR2-GigabitEthernet0/0/0]int g0/0/1

[AR2-GigabitEthernet0/0/1]ip add 10.0.23.2 24

[AR2-GigabitEthernet0/0/1]q

[AR2]rsa loc cre      # generate the local key pair, used for secure data exchange between server and client

The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:2048
Generating keys...
.+++
....................+++
............++++++++
...++++++++

[AR2]user-interface vty 0 4  # the VTY user interfaces that remote logins come in on

[AR2-ui-vty0-4]authentication-mode aaa  # use AAA authentication

[AR2-ui-vty0-4]protocol inbound ssh  # change the inbound protocol; the default is telnet

[AR2-ui-vty0-4]q

[AR2]aaa

[AR2-aaa]local-user ar1 password cipher huawei@123

Info: Add a new user.

[AR2-aaa]local-user ar1 privilege level 3

[AR2-aaa]local-user ar1 service-type ssh  # set the service type the user may log in with

[AR2-aaa]lo ar2 pass cip huawei@456

Info: Add a new user.

[AR2-aaa]lo ar2 pri l 3

[AR2-aaa]lo ar2 se ssh

[AR2-aaa]q

[AR2]ssh user ar1 authentication-type password # set the SSH authentication type to password

 Authentication type setted, and will be in effect next time

[AR2]ssh use ar2 au rsa # set the SSH authentication type to RSA key

 Authentication type setted, and will be in effect next time

[AR2]stelnet  server  enable  

Info: Succeeded in starting the STELNET server.

[AR2]ssh server port 1025  # change the SSH server port; the default is 22

 After the command is executed, logging in to the port through SSH fails, all th
e SSH users exit, and a new port is created. If you need to set the port through
 SSH again, wait for at least two minutes and then set the port again. Are you s
ure to continue?(y/n)[n]:y
 Info: Succeeded in changing SSH listening port.

[AR2]rsa peer-public-key AR3 # configure the peer's public key; the name that follows is arbitrary

Enter "RSA public key" view, return system view with "peer-public-key end".
NOTE: The number of the bits of public key must be between 769 and 2048.

[AR2-rsa-public-key]public-key-code begin # paste AR3's public key

Enter "RSA key code" view, return last view with "public-key-code end".

[AR2-rsa-key-code]30820109

[AR2-rsa-key-code]

[AR2-rsa-key-code]  02820100

[AR2-rsa-key-code]

[AR2-rsa-key-code]    C2BBBFD7 6C4CBE3D E3A83807 277F78D7 FE43AE04

[AR2-rsa-key-code]

[AR2-rsa-key-code]    6B85B37E 8ABB3A43 9ACA8ECC A4E22D61 D94EEBF0

[AR2-rsa-key-code]

[AR2-rsa-key-code]    1D10E18D 22F0FB8D 27A8F660 CCB87C52 DDD07F03

[AR2-rsa-key-code]

[AR2-rsa-key-code]    C1A517FE 2E8F467F 35DD5525 685B47A8 3C623DD8

[AR2-rsa-key-code]

[AR2-rsa-key-code]    AD8C78F6 71113B3E E7D1846B 881A602C E3B75B90

[AR2-rsa-key-code]

[AR2-rsa-key-code]    A7237DAA 60964123 EC616760 1C191E7A 822DCF7B

[AR2-rsa-key-code]

[AR2-rsa-key-code]    5DFF1E5B 324872E3 A91C3D42 B74AD768 FA80CDC0

[AR2-rsa-key-code]

[AR2-rsa-key-code]    B9B0189D 200BEF3B D72144E8 CCA716FF 7DB2AE34

[AR2-rsa-key-code]

[AR2-rsa-key-code]    06EEBDBA 40E888E4 CA69EA14 37F07AD8 A670177F

[AR2-rsa-key-code]

[AR2-rsa-key-code]    96C5B2D2 03DF368E B0289BA9 D93560B3 38D440EF

[AR2-rsa-key-code]

[AR2-rsa-key-code]    C748A000 23456E53 88B0689C A075FEBD 02BE2182

[AR2-rsa-key-code]

[AR2-rsa-key-code]    54F88C92 AD467010 8064E5E7 78008B24 8734356B

[AR2-rsa-key-code]

[AR2-rsa-key-code]    6D53B824 603F2100 05B9DFF6 60A3CEA3 

[AR2-rsa-key-code]

[AR2-rsa-key-code]  0203

[AR2-rsa-key-code]

[AR2-rsa-key-code]    010001    

[AR2-rsa-key-code]public-key-code end

[AR2-rsa-public-key]peer-public-key end

[AR2]ssh user ar2 assign rsa-key AR3 # bind the public key AR3 to the AAA user ar2

AR3

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysn AR3
[AR3]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip add 10.0.23.3 24
[AR3-GigabitEthernet0/0/1]q
[AR3]rsa loc cre
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:2048
Generating keys...
......................................................+++
................................................................................
.....................................+++
....................++++++++
.................................................++++++++

[AR3]display rsa local-key-pair public

=====================================================
Time of Key pair created: 2024-04-11 18:57:36-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
30820109
  02820100
    C2BBBFD7 6C4CBE3D E3A83807 277F78D7 FE43AE04
    6B85B37E 8ABB3A43 9ACA8ECC A4E22D61 D94EEBF0
    1D10E18D 22F0FB8D 27A8F660 CCB87C52 DDD07F03
    C1A517FE 2E8F467F 35DD5525 685B47A8 3C623DD8
    AD8C78F6 71113B3E E7D1846B 881A602C E3B75B90
    A7237DAA 60964123 EC616760 1C191E7A 822DCF7B
    5DFF1E5B 324872E3 A91C3D42 B74AD768 FA80CDC0
    B9B0189D 200BEF3B D72144E8 CCA716FF 7DB2AE34
    06EEBDBA 40E888E4 CA69EA14 37F07AD8 A670177F
    96C5B2D2 03DF368E B0289BA9 D93560B3 38D440EF
    C748A000 23456E53 88B0689C A075FEBD 02BE2182
    54F88C92 AD467010 8064E5E7 78008B24 8734356B
    6D53B824 603F2100 05B9DFF6 60A3CEA3 
  0203
    010001

=====================================================
Time of Key pair created: 2024-04-11 18:57:41-08:00
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
  0260
    BC93B571 983B74F8 B9525EDA A4F9A7E7 7501003C
    08569DC2 EA0AEADB C1E08DB7 E1C9547F 895B11EA
    28DF24BA B2C053F6 45965280 211D965E D20DBFB6
    D066D677 A4B3594D D432F6C8 C50B1816 EC8C1CF7
    1C8B0AFE CE07CB0C 29308158 D4538FFD 
  0203
    010001
[AR3]ssh client first-time enable 
[AR3]stelnet 10.0.23.2 1025
Please input the username:ar2
Trying 10.0.23.2 ...
Press CTRL+K to abort
Connected to 10.0.23.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Apr 11 2024 19:23:29-08:00 AR3 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server h
ad not been authenticated in the process of exchanging keys. When deciding wheth
er to continue, the user chose Y. 
[AR3]
Save the server's public key? (y/n)[n]:y
Apr 11 2024 19:23:30-08:00 AR3 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding whet
her to save the server's public key 10.0.23.2, the user chose Y. 
[AR3]
The server's public key will be saved with the name 10.0.23.2. Please wait...

<AR2>

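Procedure

  1. Enable the STelnet function on the server
  2. Generate the device's key pair: rsa local-key-pair create
  3. Configure the VTY interface: authentication mode aaa, protocol type ssh
  4. Configure AAA: username and password, service type, privilege level
  5. Globally configure the SSH user's authentication type: rsa | password
  6. For RSA authentication, enter the public key: rsa peer-public-key r2
  7. Bind the public key to the user: ssh user r2 assign rsa-key r2
  8. Attempt to log in with stelnet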
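
An added example, not part of the original post or of Huawei's tooling: the "Key code" printed by display rsa local-key-pair public is a DER SEQUENCE holding the modulus and the exponent, so a short Python parser can confirm that the key pasted under rsa peer-public-key is byte-for-byte the one displayed on the client and report its modulus size. The function names, the min_bits threshold, the SHA-256 comparison value and the sample key are assumptions constructed for illustration.

```python
import hashlib
import re

PROMPT = re.compile(r"^\s*\[[^\]]*\]")      # CLI prompt such as "[AR2-rsa-key-code]"
HEX_LINE = re.compile(r"^[0-9A-Fa-f\s]+$")  # a line holding only hex groups

def key_code_to_bytes(text):
    """Collect the hex from a 'Key code:' dump or a pasted public-key-code session."""
    digits = []
    for line in text.splitlines():
        line = PROMPT.sub("", line)          # drop the prompt, keep what was typed
        if HEX_LINE.match(line):             # skips headers, commands, empty prompts
            digits.append("".join(line.split()))
    return bytes.fromhex("".join(digits))

def _read_tlv(buf, pos, tag):
    """Read one DER tag-length-value with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated key code")
    return buf[pos:pos + length], pos + length

def parse_rsa_key_code(text, min_bits=2048):
    """Return modulus size, exponent, a weak-key flag and a digest for comparison."""
    der = key_code_to_bytes(text)
    seq, end = _read_tlv(der, 0, 0x30)       # SEQUENCE { modulus, exponent }
    if end != len(der):
        raise ValueError("trailing bytes after the key")
    n_raw, pos = _read_tlv(seq, 0, 0x02)
    e_raw, pos = _read_tlv(seq, pos, 0x02)
    # Decode as unsigned: the dumps on this page omit DER's leading 0x00 sign byte.
    n, e = int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")
    return {"bits": n.bit_length(), "exponent": e,
            "weak": n.bit_length() < min_bits,   # min_bits is a local policy choice
            "sha256": hashlib.sha256(der).hexdigest()}  # ad-hoc value, not a device format

# Constructed sample (not a key from the page): 512-bit modulus, exponent 65537.
DISPLAYED = "3047\n  0240\n    C1" + "5A" * 62 + "0B\n  0203\n    010001\n"
# The same key as it looks when pasted line by line at the peer-key prompt.
PASTED = "\n".join("[AR2-rsa-key-code]" + l for l in DISPLAYED.splitlines())
```

Comparing the sha256 value from the client's display output with the one from the server's pasted session catches a dropped or altered line before the key is bound to a user, and the weak flag marks keys generated at the 512-bit default.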