Telnet and SSH: Principles and Configuration
1. Telnet configuration
[Huawei]telnet server enable -- enable the Telnet service
[Huawei]user-interface vty 0 4 -- configure the VTY lines
[Huawei-ui-vty0-4]authentication-mode password -- set the authentication mode to password
[Huawei-ui-vty0-4]set authentication password cipher 654321 -- set the password
[Huawei-ui-vty0-4]protocol inbound telnet -- allow Telnet connections
[Huawei-ui-vty0-4]user privilege level 15 # Huawei privilege configuration

[sw0-line-vty0-4]user-role level-15 # H3C privilege configuration
Telnet with AAA authentication
[r1]user-interface vty 0 4
[r1-ui-vty0-4]authentication-mode aaa -- set the authentication mode to aaa

[r1]aaa
[r1-aaa]local-user admin password cipher admin privilege level 3 -- set the user name, password and privilege level
[r1-aaa]local-user admin service-type telnet -- allow the admin account to be used for Telnet
[r1]telnet server port 3000 -- change the port number as required
SSH configuration
1. Create the local key pair
[Huawei]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
..++++++++++++
......++++++++++++
...........................++++++++
.......++++++++
2. Set the AAA account password
[Huawei]aaa -- enter the AAA view
[Huawei-aaa]local-user admin password cipher admin privilege level 3 -- set the user name, password and user level
[Huawei-aaa]local-user admin service-type ssh
3. Like Telnet, SSH connects to the device through the VTY interfaces, so configure the VTY interface
[Huawei]user-interface vty 0 4 -- enter the virtual terminal view
[Huawei-ui-vty0-4]authentication-mode aaa -- AAA authentication mode
[Huawei-ui-vty0-4]protocol inbound ssh -- protocol allowed for login users (all | ssh | telnet)
4. Return to the system view and associate the SSH protocol with the user account
[Huawei]stelnet server enable -- enable SSH
[Huawei]ssh user admin authentication-type password -- password authentication
[Huawei]ssh user admin service-type stelnet -- service type
AAA login on H3C devices
[H3C]user-interface vty 0 4
[H3C-line-vty0-4]authentication-mode scheme -- set the authentication type

[H3C]local-user admin class manage -- create the management user
[H3C-luser-manage-admin]password simple 123456 -- set the password
[H3C-luser-manage-admin]service-type telnet -- set the service type for the account
[H3C-luser-manage-admin]authorization-attribute user-role level-15 -- privilege configuration
Getting rid of the change-password prompt
The password needs to be changed. Change now? [Y/N]: # this prompt appears at every login, which is rather annoying
[S12712-aaa]undo local-aaa-user password policy administrator # turn it off
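
Added example, not part of the original post: a small Python checker that reads prompt-prefixed CLI transcripts in the format used on this page and reports the settings a reviewer would question before they reach production (Telnet exposure, a shared line password, guessable passwords, a short RSA modulus). The rule list, the WEAK set, the finding texts and the sample transcript are constructed for this illustration.

```python
import re

RULES = [  # checks keyed to commands shown on this page; finding texts are this example's
    (r"^telnet server enable\b", "Telnet service on: credentials cross the network in cleartext"),
    (r"^protocol inbound (telnet|all)\b", "VTY accepts Telnet; restrict to 'protocol inbound ssh'"),
    (r"^authentication-mode password\b", "shared line password, no per-user accounts"),
    (r"\bservice-type\s.*\btelnet\b", "local user may log in over Telnet"),
    (r"^(user privilege level 15|user-role level-15)\b", "VTY default privilege is the highest level"),
    (r"^undo local-aaa-user password policy administrator\b", "administrator password policy disabled"),
]
WEAK = {"123456", "654321", "admin", "password"}  # constructed list, not exhaustive
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>.+)$")
PASSWORD = re.compile(r"(?:^local-user (?P<user>\S+) )?.*\bpassword (?:cipher|simple) (?P<pw>\S+)")
MODULUS = re.compile(r"^Input the bits in the modulus\[default = (\d+)\]:\s*(\d*)")

def audit(transcript):
    """Return (view, command, finding) tuples for a prompt-prefixed CLI transcript."""
    findings = []
    for raw in transcript.splitlines():
        line = raw.strip()
        bits = MODULUS.match(line)  # an empty answer means the default size was accepted
        if bits and int(bits.group(2) or bits.group(1)) < 2048:
            findings.append(("rsa", line, "RSA host key shorter than 2048 bits"))
        m = PROMPT.match(line)
        if not m:
            continue  # device output or blank line
        view = m.group("view")
        cmd = re.split(r"\s+(?:--|#)", m.group("cmd"), maxsplit=1)[0].strip()  # drop trailing comment
        findings += [(view, cmd, why) for pat, why in RULES if re.search(pat, cmd)]
        pw = PASSWORD.search(cmd)
        if pw and (pw.group("pw") in WEAK or pw.group("pw") == pw.group("user")):
            findings.append((view, cmd, "guessable password (common value or equals user name)"))
    return findings

# Constructed transcript assembled from the commands on this page.
SAMPLE = """\
[Huawei]telnet server enable
[Huawei-ui-vty0-4]authentication-mode password  -- line password
[Huawei-ui-vty0-4]set authentication password cipher 654321
[Huawei-ui-vty0-4]protocol inbound telnet
[Huawei]rsa local-key-pair create
Input the bits in the modulus[default = 512]:
[Huawei-aaa]local-user admin password cipher admin privilege level 3
[Huawei-aaa]local-user admin service-type ssh
[Huawei]stelnet server enable
"""
if __name__ == "__main__":
    for view, cmd, why in audit(SAMPLE):
        print(f"{view:18} {cmd:58} {why}")
```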