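Configuring SSH Remote Login on a Huawei Router

The lab topology is shown below:

Step 1: SSH-server basic configuration

[SSH-server-GigabitEthernet0/0/0]aaa    # Enter the aaa configuration view

[SSH-server-aaa]local-user devan password cipher sshtest   # Create user devan with the password sshtest

[SSH-server-aaa]local-user devan service-type ssh   # Set the service type of user devan to ssh

[SSH-server-aaa]local-user devan privilege level 15   # Set the privilege level of user devan to 15 (the highest user privilege level is 15)

[SSH-server-aaa]q   # Exit the aaa configuration view

[SSH-server]ssh user devan authentication-type password   # Set the SSH login mode of user devan to password authentication

[SSH-server]stelnet server enable    # Enable the SSH (STelnet) service

[SSH-server]rsa local-key-pair create   # Generate the RSA key pair; the default key length is 2048 bits, which may differ between device models or vendors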
The key name will be: Host
RSA keys defined for Host already exist.
Warning: Confirm to replace them! Continue? [Y/N]y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is less than 2048,
It will introduce potential security risks.
Input the bits in the modulus[default = 2048]:
Generating keys...
...........................................+++
..+++
....................++++++++
................++++++++

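[SSH-server]user-interface vty 0 4   # Enter the virtual terminal (VTY) view

[SSH-server-ui-vty0-4]authentication-mode aaa   # Set the virtual terminal authentication mode to aaa

[SSH-server-ui-vty0-4]protocol inbound ssh   # Enable SSH as the inbound protocol

[SSH-server-ui-vty0-4]q   # Exit the virtual terminal view

Step 2: SSH-client1 basic configuration

[SSH-client1]ssh client first-time enable    # Enable first-time authentication on the SSH client

[SSH-client1]stelnet 10.0.0.1   # Log in over SSH to verify
Please input the username:devan   # Enter the remote login username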
Trying 10.0.0.1 ...
Press CTRL+K to abort
Connected to 10.0.0.1 ...
The server is not authenticated. Continue to access it? [Y/N]:y    # Accept the public key
Oct 29 2022 09:04:42+00:00 SSH-client1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[2]:The server had not been authenticated in the process of exchanging keys. When deciding whether to continue, the user chose Y.
[SSH-client1]
Save the server's public key? [Y/N]:y    # Save the public key
The server's public key will be saved with the name 10.0.0.1. Please wait...

Oct 29 2022 09:04:58+00:00 SSH-client1 %%01SSH/4/SAVE_PUBLICKEY(l)[3]:When deciding whether to save the server's public key 10.0.0.1, the user chose Y.
[SSH-client1]
Enter password:   # Enter the password of remote user devan; the login then succeeds
<SSH-server>
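
The two `SSH/4/...` log lines in the transcript above record that the operator accepted and saved a server key the client could not verify (trust on first use). As an added example, not part of the original post, this Python sketch parses that log format and reports which clients made such a decision; the last sample line and the host name `lab-client` are constructed for illustration.

```python
import re

# Header layout taken from the two log lines in the transcript above:
# "<time> <host> %%01<MODULE>/<severity>/<MNEMONIC>(l)[<seq>]:<message>"
LOG_RE = re.compile(
    r"^(?P<time>\w{3} +\d{1,2} \d{4} [\d:]{8}[+-]\d{2}:\d{2}) (?P<host>\S+) "
    r"%%\d{2}(?P<module>\w+)/(?P<sev>\d)/(?P<mnemonic>\w+)\(\w\)\[\d+\]:(?P<msg>.*)$"
)
CHOICE_RE = re.compile(r"the user chose (?P<choice>[YN])\.?\s*$")
SAVED_KEY_RE = re.compile(r"server's public key (?P<server>\S+),")
TOFU_MNEMONICS = ("CONTINUE_KEYEXCHANGE", "SAVE_PUBLICKEY")

def tofu_events(lines):
    """Return one dict per first-time-authentication decision found in lines."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["module"] != "SSH" or m["mnemonic"] not in TOFU_MNEMONICS:
            continue  # prompts, other modules, unrelated SSH events
        choice = CHOICE_RE.search(m["msg"])
        if not choice:
            continue
        saved = SAVED_KEY_RE.search(m["msg"])
        events.append({
            "time": m["time"], "client": m["host"], "event": m["mnemonic"],
            "accepted": choice["choice"] == "Y",
            "server": saved["server"] if saved else None,
        })
    return events

def unverified_trust(events):
    """Map each client that answered Y to the set of server keys it saved."""
    report = {}
    for e in events:
        if e["accepted"]:
            pinned = report.setdefault(e["client"], set())
            if e["event"] == "SAVE_PUBLICKEY" and e["server"]:
                pinned.add(e["server"])
    return report

SAMPLE = [
    # First two lines are copied from the transcript on this page.
    "Oct 29 2022 09:04:42+00:00 SSH-client1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[2]:The server had not been authenticated in the process of exchanging keys. When deciding whether to continue, the user chose Y.",
    "Oct 29 2022 09:04:58+00:00 SSH-client1 %%01SSH/4/SAVE_PUBLICKEY(l)[3]:When deciding whether to save the server's public key 10.0.0.1, the user chose Y.",
    "[SSH-client1]",
    # Constructed line (hypothetical host lab-client): the operator declined.
    "Oct 29 2022 09:10:00+00:00 lab-client %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[4]:The server had not been authenticated in the process of exchanging keys. When deciding whether to continue, the user chose N.",
]
```

A client listed by `unverified_trust(tofu_events(SAMPLE))` trusted a host key without comparing its fingerprint out of band, so that first connection is the one worth reviewing.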

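Step 3: SSH-client2 basic configuration

Step 4: Configure routing (routes configured with the ip command or the route command are temporary; to configure permanent routes, either edit the configuration file or use the nmcli command)

Once routing is configured successfully, you can connect to SSH-server from SSH-client2.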

posted @ 2022-10-29 17:39  demoduan