Remote Login: Telnet and SSH

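I. TELNET: Telnet is a member of the TCP/IP protocol suite and is the standard protocol and main method for Internet remote login services. It lets users do work on a remote host from their local computer. The end user runs a telnet program on their own computer and uses it to connect to the server. Commands typed into the telnet program are executed on the server, just as if they had been entered directly at the server's console, so the server can be controlled from the local machine. To start a telnet session, the user must log in to the server with a username and password. Telnet is a commonly used method for remotely controlling web servers. Port: TCP 23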

Topology:

 

 

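1. Plaintext password login

Preparation before configuration: set the IP addresses on the router interfaces.

AR2 configuration:

[AR2]user-interface VTY 0 4   // enter user interfaces VTY 0 through 4
[AR2-ui-vty0-4]authentication-mode password   // set the authentication mode to password login
Please configure the login password (maximum length 16):huawei@123  // set the password to huawei@123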
[AR2-ui-vty0-4]q
[AR2]q

 

<AR1>telnet 10.1.1.254
Press CTRL_] to quit telnet mode
Trying 10.1.1.254 ...
Connected to 10.1.1.254 ...

Login authentication


Password:
<AR2>

 

<AR2>dis users
User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag
+ 0 CON 0 00:00:00 pass
Username : Unspecified

129 VTY 0 00:00:13 TEL 10.1.1.1 pass
Username : Unspecified

 

2. Ciphertext password login with a user privilege level (the default level is 0)

[Huawei]user-interface vty 0 4    
[Huawei-ui-vty0-4]authentication-mode password
Please configure the login password (maximum length 16):huawei
[Huawei-ui-vty0-4]set ?
authentication Set the authentication parameters for the user terminal
interface
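[Huawei-ui-vty0-4]set authentication password cipher huawei  // store the password as ciphertext (MD5-hashed password); simple stores it as plaintext. The default is plaintext
[Huawei-ui-vty0-4]user privilege level 2  // set the user privilege level to 2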

 

3. Remote login with AAA

[Huawei]aaa      // enter the AAA view
[Huawei-aaa]local-user admin password cipher huawei privilege level 3   // create account admin with ciphertext password huawei and privilege level 3
[Huawei-aaa]local-user admin service-type telnet // allow the admin account to use the telnet service
[Huawei-aaa]q
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode aaa // set the authentication mode to AAA
[Huawei-ui-vty0-4]q

  

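II. SSH

SSH is short for Secure Shell and was specified by the IETF Network Working Group. SSH is a security protocol built on the application layer. It is a relatively reliable protocol designed to provide security for remote login sessions and other network services. Using SSH effectively prevents information leakage during remote management. SSH was originally a program on UNIX systems and later spread quickly to other platforms. Used correctly, SSH can close security gaps in the network. SSH clients are available for many platforms: almost all UNIX platforms, including HP-UX, Linux, AIX, Solaris, Digital UNIX and Irix, as well as other platforms, can run SSH. Protocol port: TCP 23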

<Huawei>SYS
Enter system view, return user view with Ctrl+Z.
[Huawei]SYSNAME AR2
[AR2]undo info-center enable   // turn off information center messages
Info: Information center is disabled.
[AR2]rsa local-key-pair create   // generate the local RSA host key pair (required)
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:512
Generating keys...
...++++++++++++
......++++++++++++
....++++++++
.......................+++++++


[AR2]dis rsa local-key-pair public  // display the public key part of the local key pairs

=====================================================
Time of Key pair created: 2021-11-17 21:34:54-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
DFE602D8 6FE22386 02FC4A02 5E9DB62F 5A50288B
7E766E47 0C3C0E81 101E2430 ADF87963 7D99DB16
B8751CBF EB9303AA 43BE3EA6 7223BBA8 6DF1016A
DBFE6E0B
0203
010001

=====================================================
Time of Key pair created: 2021-11-17 21:34:56-08:00
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
F62C7EFF 81677BC2 0987B487 636B2F01 A84E98E5
8E42CE57 2A91A97E CB9A4CE7 FEE106F7 58E668E3
D4993874 D2EAB1F8 81DC5969 76E88967 359A570D
71A1F6ED 4FDEFDA9 CAC9BDDC 5485E69F 3BF6C8A7
537990A3 24B2DF5C 96A731AE 8BCD07A9
0203
010001
[AR2]user-interface vty 0 4
[AR2-ui-vty0-4]authentication-mode aaa
[AR2-ui-vty0-4]protocol inbound ssh  // allow only SSH as the login protocol; this automatically disables telnet
[AR2-ui-vty0-4]q
[AR2]
[AR2]aaa
[AR2-aaa]local-user huawei password cipher huawei@123

Info: Add a new user.

[AR2-aaa]local-user huawei privilege level 3  // set the user privilege level to 3 (management level)

[AR2-aaa]local-user huawei service-type ssh  // set the local user's access type to SSH
[AR2-aaa]q
[AR2]ssh user huawei authentication-type password // set the SSH authentication type to password
Authentication type setted, and will be in effect next time
[AR2]stelnet server enable   // enable the SSH (STelnet) server
Info: Succeeded in starting the STELNET server.
[AR2]dis ssh user-information huawei  // display SSH user information
-------------------------------------------------------------------------------

Username Auth-type User-public-key-name
-------------------------------------------------------------------------------
huawei password null
-------------------------------------------------------------------------------
[AR2]dis ssh server status  // display the SSH server's global configuration
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Disable
Stelnet server :Enable
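
Added example (not part of the original post): each Key code block printed by dis rsa local-key-pair public above is an ASN.1 SEQUENCE holding the modulus and the public exponent, so the key size actually in use can be read back from the output. The Python code below does this on a constructed sample (filler bytes, not a real key) and lists keys below 2048 bits, the largest size the key-generation prompt above offers; the function names and the threshold are assumptions of this example.

```python
import re

ROW = "5A5A5A5A 5A5A5A5A\n"   # 8 filler bytes per row; constructed, not a real key
SAMPLE_OUTPUT = (              # laid out like the display output above
    "=====\nKey name: Host\nKey type: RSA encryption Key\n=====\nKey code:\n"
    "3047\n0240\nC15A5A5A 5A5A5A5A\n" + ROW * 7 + "0203\n010001\n\n"
    "=====\nKey name: Server\nKey type: RSA encryption Key\n=====\nKey code:\n"
    "3067\n0260\nC15A5A5A 5A5A5A5A\n" + ROW * 11 + "0203\n010001\n"
)
HEX_LINE = re.compile(r"[0-9A-Fa-f ]+")

def read_tlv(buf, pos):
    """Read one ASN.1 element; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next N bytes hold the length
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated key code")
    return tag, buf[pos:pos + length], pos + length

def rsa_keys(display_output):
    """Return [(key name, modulus bits, public exponent)] for each key shown."""
    keys = []
    for block in re.split(r"(?m)^Key name:", display_output)[1:]:
        head, _, tail = block.partition("Key code:")
        hex_text = ""
        for line in tail.splitlines():
            line = line.strip()
            if line and not HEX_LINE.fullmatch(line):
                break                       # ruler or prompt: end of this key code
            hex_text += line.replace(" ", "")
        tag, seq, _ = read_tlv(bytes.fromhex(hex_text), 0)
        if tag != 0x30:
            raise ValueError("key code is not an ASN.1 SEQUENCE")
        _, modulus, pos = read_tlv(seq, 0)
        _, exponent, _ = read_tlv(seq, pos)
        keys.append((head.splitlines()[0].strip(),
                     int.from_bytes(modulus, "big").bit_length(),
                     int.from_bytes(exponent, "big")))
    return keys

def weak_keys(display_output, minimum_bits=2048):
    """Names and sizes of keys whose modulus is shorter than minimum_bits."""
    return [(name, bits) for name, bits, _ in rsa_keys(display_output)
            if bits < minimum_bits]
```

On the constructed sample, rsa_keys reports a 512-bit Host key and a 768-bit Server key, the sizes that result from entering 512 at the modulus prompt.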

 

<Huawei>SYS
Enter system view, return user view with Ctrl+Z.
[Huawei]SYS AR1
[AR1]undo info-center enable
Info: Information center is disabled.
[AR1]ssh client first-time enable  // enable first-time authentication on the SSH client (accept an unknown server key on first connect)
[AR1]q
[AR1]stelnet 10.1.1.2
Please input the username:huawei
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 10.1.1.2. Please wait...

Enter password:
<AR2>

 

 

[AR2]dis ssh server session   // display the users currently connected to the SSH server
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 0 2.0 AES run password huawei
--------------------------------------------------------------------
[AR2]
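
Added example (not from the original post): a small Python check over a saved configuration that reports the Telnet-era settings from section I (shared VTY password, simple password storage, Telnet still permitted) and passes the AAA plus protocol inbound ssh setup from section II. Both configurations are constructed samples, the finding labels are made up for this example, and a VTY without protocol inbound is assumed to accept Telnet, as it did on the device above.

```python
import re

# Constructed samples in the style of a saved VRP configuration (placeholders, no real secrets).
WEAK = """\
aaa
 local-user admin password cipher <ciphertext-placeholder>
 local-user admin service-type telnet
#
user-interface vty 0 4
 authentication-mode password
 set authentication password simple <password-placeholder>
"""
HARDENED = """\
aaa
 local-user huawei password cipher <ciphertext-placeholder>
 local-user huawei service-type ssh
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
"""

def views(config):
    """Map each unindented view line to the indented commands under it."""
    result, current = {}, None
    for line in config.splitlines():
        if line[:1] != " ":              # new view, "#" separator or blank line
            current = line.strip()
            result.setdefault(current, [])
        elif line.strip() and current is not None:
            result[current].append(line.strip())
    return result

def audit(config):
    """Return (where, finding) pairs; the finding labels are made up here."""
    found = []
    for view, cmds in views(config).items():
        if view.startswith("user-interface vty"):
            if "authentication-mode aaa" not in cmds:
                found.append((view, "no-per-user-login"))
            proto = [c.split()[-1] for c in cmds if c.startswith("protocol inbound ")]
            if not proto or proto[-1] != "ssh":   # assumption: unset permits Telnet
                found.append((view, "telnet-allowed"))
        for c in cmds:
            if re.search(r"\bpassword simple\b", c):
                found.append((view, "plaintext-password"))
            m = re.fullmatch(r"local-user (\S+) service-type (.+)", c)
            if m and "telnet" in m.group(2).split():
                found.append((m.group(1), "telnet-service-type"))
    return found
```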

 

posted on 2021-11-17 22:01  睡麒麟