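Configuring SSH Remote Login on a Huawei Router
The lab topology is as follows:
Step 1: SSH-server basic configuration
[SSH-server-GigabitEthernet0/0/0]aaa # enter the aaa view
[SSH-server-aaa]local-user devan password cipher sshtest # create user devan with password sshtest
[SSH-server-aaa]local-user devan service-type ssh # set the service type of user devan to ssh
[SSH-server-aaa]local-user devan privilege level 15 # set the privilege level of user devan to 15 (15 is the highest user privilege level)
[SSH-server-aaa]q # leave the aaa view
[SSH-server]ssh user devan authentication-type password # set the ssh login mode of user devan to password authentication
[SSH-server]stelnet server enable # enable the ssh (stelnet) server
[SSH-server]rsa local-key-pair create # generate the rsa key pair; the default key length is 2048 bits, but this may differ between device models and vendors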
The key name will be: Host
RSA keys defined for Host already exist.
Warning: Confirm to replace them! Continue? [Y/N]y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is less than 2048,
It will introduce potential security risks.
Input the bits in the modulus[default = 2048]:
Generating keys...
...........................................+++
..+++
....................++++++++
................++++++++
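[SSH-server]user-interface vty 0 4 # enter the virtual terminal (vty) view
[SSH-server-ui-vty0-4]authentication-mode aaa # set the vty authentication mode to aaa
[SSH-server-ui-vty0-4]protocol inbound ssh # allow ssh as the inbound protocol
[SSH-server-ui-vty0-4]q # leave the vty view
Step 2: SSH-client1 basic configuration
[SSH-client1]ssh client first-time enable # enable first-time authentication on the ssh client
[SSH-client1]stelnet 10.0.0.1 # log in over ssh to verify
Please input the username:devan # enter the remote login user name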
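An added example, not part of the original page: a small Python check that a saved configuration still matches the SSH-only login setup built in step 1 (stelnet enabled, vty using aaa with ssh as the only inbound protocol, local users limited to the ssh service type). The function names, both sample configurations and the weak variants (authentication-mode password, protocol inbound all, service-type telnet ssh) are constructed for illustration, and the indented layout of sub-view lines is an assumption.

```python
# Constructed sample configs; assumes sub-view lines are indented under their view.
PAGE_CONFIG = """\
aaa
 local-user devan service-type ssh
 local-user devan privilege level 15
ssh user devan authentication-type password
stelnet server enable
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
"""
WEAK_CONFIG = """\
aaa
 local-user devan service-type telnet ssh
user-interface vty 0 4
 authentication-mode password
 protocol inbound all
"""

def parse_views(text):
    """Return [(view_line, [sub_lines])], grouping indented lines under their view."""
    views = []
    for raw in filter(str.strip, text.splitlines()):
        if raw[:1].isspace() and views:
            views[-1][1].append(raw.strip())
        else:
            views.append((raw.strip(), []))
    return views

def audit(text):
    """Return findings where the config departs from the page's SSH-only setup."""
    views = parse_views(text)
    heads = [head for head, _ in views]
    findings = []
    if "stelnet server enable" not in heads:
        findings.append("stelnet server not enabled")
    for head, body in views:
        if head.startswith("user-interface vty"):
            if "authentication-mode aaa" not in body:
                findings.append(f"{head}: authentication-mode is not aaa")
            if "protocol inbound ssh" not in body:
                findings.append(f"{head}: inbound protocol is not ssh only")
        for words in (l.split() for l in body if head == "aaa"):
            if words[0] == "local-user" and words[2:3] == ["service-type"]:
                if words[3:] != ["ssh"]:
                    findings.append(f"user {words[1]}: service-type is not ssh only")
                if not any(h.startswith(f"ssh user {words[1]} ") for h in heads):
                    findings.append(f"user {words[1]}: no ssh user entry")
    return findings
```

Calling audit(PAGE_CONFIG) returns an empty list, while audit(WEAK_CONFIG) returns five findings covering the stelnet server, the user's service type and ssh user entry, and the two vty settings.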
Trying 10.0.0.1 ...
Press CTRL+K to abort
Connected to 10.0.0.1 ...
The server is not authenticated. Continue to access it? [Y/N]:y # accept the public key
Oct 29 2022 09:04:42+00:00 SSH-client1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[2]:The server had not been authenticated in the process of exchanging keys. When deciding whether to continue, the user chose Y.
[SSH-client1]
Save the server's public key? [Y/N]:y # save the public key
The server's public key will be saved with the name 10.0.0.1. Please wait...
Oct 29 2022 09:04:58+00:00 SSH-client1 %%01SSH/4/SAVE_PUBLICKEY(l)[3]:When deciding whether to save the server's public key 10.0.0.1, the user chose Y.
[SSH-client1]
Enter password: # after entering the password of remote user devan, the login succeeds
<SSH-server>
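Step 3: SSH-client2 basic configuration
Step 4: Configure routing (routes configured with the ip command or the route command are temporary; to configure a persistent route, either edit the configuration file or use the nmcli command)
Once the route is configured, SSH-client2 can connect to SSH-server.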