Huawei R&S Network Engineer Lab Notes 20190530: FTP Upload and Download, STelnet Login, SFTP Login
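Start of the lab. It uses the topology diagram from "Huawei R&S Network Engineer Lab Notes 20190524-XXX" and the tools Huawei eNSP, Wireshark and Oracle VM VirtualBox, with the left and right routers, AR1 and AR2, powered on. The whole procedure, and my understanding of it, is shown below as commented CLI sessions: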
```
<AR2>sy
Enter system view, return user view with Ctrl+Z.
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip address 202.100.1.4 26
[AR2-GigabitEthernet0/0/0]
May 30 2019 16:16:56-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[AR2-GigabitEthernet0/0/0]q
[AR2]dis ip int bri    // check that the IP is configured; AR2 must be reachable from AR1 (AR1 is configured the same way)
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol
GigabitEthernet0/0/0              202.100.1.4/26       up         up         // a ping from AR1 shows no connectivity
GigabitEthernet0/0/1              unassigned           down       down
GigabitEthernet0/0/2              unassigned           down       down
NULL0                             unassigned           up         up(s)
[AR2]
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip address 202.100.1.2 30    // reconfigure the IP, then ping again from AR1
[AR2-GigabitEthernet0/0/0]q
[AR2]q
[AR2]ftp server enable    // enable the FTP server
Info: Succeeded in starting the FTP server
[AR2]aaa
[AR2-aaa]local-user tangjun password cipher 123    // user name tangjun, password 123 (cipher: stored as ciphertext)
Info: Add a new user.
[AR2-aaa]local-user tangjun privilege level 15    // this user's privilege level is 15
[AR2-aaa]local-user tangjun ftp ?    // which directory FTP uses; ? lists the possible continuations
  STRING<1-64>  [drive][path]
  flash:        Device name
[AR2-aaa]local-user tangjun ftp flash:    // on some versions the command is local-user tangjun ftp-directory flash:
[AR2-aaa]local-user tangjun service-type ftp    // this user is allowed the FTP service
[AR2-aaa]q
[AR2]q
<AR2>save updatafile.zip    // save a configuration file and treat it as an upgrade file for the FTP test that follows
Are you sure to save the configuration to updatafile.zip? (y/n)[n]:y
It will take several minutes to save configuration file, please wait.......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
<AR2>dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
    0  drw-              -  May 30 2019 07:25:55   dhcp
    1  -rw-        121,802  May 26 2014 09:20:58   portalpage.zip
    2  -rw-            655  May 30 2019 08:48:53   updatafile.zip    // the upgrade file was created; it will be copied to AR1's root directory
    3  -rw-          2,263  May 30 2019 07:25:50   statemach.efs
    4  -rw-        828,482  May 26 2014 09:20:58   sslvpn.zip
    5  -rw-            249  May 30 2019 08:15:45   private-data.txt
    6  -rw-            533  May 30 2019 08:15:44   vrpcfg.zip

1,090,732 KB total (784,448 KB free)
<AR2>
```
```
<AR1>sy
Enter system view, return user view with Ctrl+Z.
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip address 202.100.1.1 30
May 30 2019 16:18:46-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[AR1-GigabitEthernet0/0/0]q
[AR1]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol
GigabitEthernet0/0/0              202.100.1.1/30       up         up         // the interface now has its IP
GigabitEthernet0/0/1              unassigned           up         down
GigabitEthernet0/0/2              unassigned           down       down
NULL0                             unassigned           up         up(s)
[AR1]ping 202.100.1.4
  PING 202.100.1.4: 56  data bytes, press CTRL_C to break    // AR2's interface is unreachable; its IP address is misconfigured
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out

  --- 202.100.1.4 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss

[AR1]ping 202.100.1.2    // the peer AR2 has been given a new IP, so ping again
  PING 202.100.1.2: 56  data bytes, press CTRL_C to break
    Reply from 202.100.1.2: bytes=56 Sequence=1 ttl=255 time=100 ms
    Reply from 202.100.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 202.100.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms
    Reply from 202.100.1.2: bytes=56 Sequence=4 ttl=255 time=20 ms
    Reply from 202.100.1.2: bytes=56 Sequence=5 ttl=255 time=20 ms

  --- 202.100.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 10/34/100 ms    // AR1 and AR2 can now reach each other

[AR1]
```
```
<AR1>ftp 202.100.1.2    // connect to the server with the FTP client
Trying 202.100.1.2 ...
Press CTRL+K to abort
Connected to 202.100.1.2.
220 FTP service ready.
User(202.100.1.2:(none)):tangjun    // enter the user name
331 Password required for tangjun.
Enter password:    // enter the password
230 User logged in.
[AR1-ftp]get updatafile.zip    // download the file
200 Port command okay.
150 Opening ASCII mode data connection for updatafile.zip.
226 Transfer complete.    // transfer succeeded
FTP: 655 byte(s) received in 0.190 second(s) 3.44Kbyte(s)/sec.
[AR1-ftp]
```
```
[AR1-ftp]put flash:/dhcp/dhcp-duid.txt    // upload a file to AR2's root directory
200 Port command okay.
150 Opening ASCII mode data connection for dhcp-duid.txt.
100%
226 Transfer complete.
FTP: 98 byte(s) sent in 0.180 second(s) 544.44byte(s)/sec.
[AR1-ftp]q
221 Server closing.

<AR2>dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
    0  -rw-             98  May 30 2019 16:50:29   dhcp-duid.txt    // confirms the file really was uploaded from AR1
    1  drw-              -  May 30 2019 16:19:26   dhcp
    2  -rw-        121,802  May 26 2014 09:20:58   portalpage.zip
    3  -rw-          2,263  May 30 2019 16:19:19   statemach.efs
    4  -rw-        828,482  May 26 2014 09:20:58   sslvpn.zip

1,090,732 KB total (784,460 KB free)
<AR2>
```
---------------------------- Divider ---------------------------
```
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 10.1.1.1 24    // configure AR1's IP
May 31 2019 01:39:17-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[AR1-GigabitEthernet0/0/0]

[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 10.1.1.2 24    // configure AR2's IP
May 31 2019 01:40:05-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[AR2-GigabitEthernet0/0/0]ping 10.1.1.1    // test link connectivity with ping
  PING 10.1.1.1: 56  data bytes, press CTRL_C to break
    Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=80 ms
    Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=10 ms
    Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=20 ms
    Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=10 ms
    Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms

  --- 10.1.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 10/28/80 ms

[AR2-GigabitEthernet0/0/0]q
[AR2]rsa local-key-pair create    // generate the local RSA host key pair
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.......++++++++++++
...++++++++++++
................++++++++
..++++++++

[AR2]dis rsa local-key-pair public    // view the public keys of the local key pairs

=====================================================
Time of Key pair created: 2019-05-31 01:42:10-08:00    // when the key was generated
Key name: Host                                         // name of the key
Key type: RSA encryption Key                           // type of the key
=====================================================
Key code:
3047
  0240
    D9ECDB6E 9EECEFAA 41985FA2 B3E9B851 FEBF8F95
    A0E9AC13 3E76F9DB CCD8C7F6 430C6860 CBA492EC
    5DC2BEE5 3BBDAFE4 B5AADFD9 E67F0750 C9AAA4F9
    1BDA1F4D
  0203
    010001

=====================================================
Time of Key pair created: 2019-05-31 01:42:12-08:00
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
  0260
    D2F5696B 7E37CF47 A0BC83A3 E493B894 07AD556D
    AD009F7A 6B84CAD6 A04D41DA E7E6E681 1F033564
    DCB9D67B C49B168C 894A88A3 CE999F66 02110D8F
    85F1680C D9CD8B18 DF740263 26BFEC8C FBD9D98A
    A26BFBD2 CE71A57F 345BC3A8 7D8E4737
  0203
    010001
[AR2]
[AR2]user-interface vty 0 1    // configure the VTY virtual user interfaces
[AR2-ui-vty0-1]authentication-mode aaa    // set the user authentication mode to AAA
[AR2-ui-vty0-1]protocol inbound ?    // which protocols can the VTY interface be restricted to?
  all     All protocols
  ssh     SSH protocol
  telnet  Telnet protocol
[AR2-ui-vty0-1]protocol inbound ssh    // the VTY user interface accepts SSH only
[AR2-ui-vty0-1]aaa
[AR2-aaa]local-user tangjun password cipher 123    // local user tangjun with ciphertext password 123
Info: Add a new user.
[AR2-aaa]local-user tangjun service-type ssh    // access type of local user tangjun is SSH
[AR2-aaa]local-user tangjun privilege level 15    // privilege level of local user tangjun is 15, the highest
[AR2-aaa]q    // you must return to [AR2] here before the ssh commands can be used
[AR2]ssh user tangjun authentication-type password    // make tangjun an SSH user and keep password authentication
 Authentication type setted, and will be in effect next time
[AR2]stelnet server enable    // enable STelnet on the device (that is, start the SSH server)
Info: Succeeded in starting the STELNET server.
```
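The key pair above was created by accepting the prompt's default modulus of 512 bits. As an added example (not part of the original notes), the following Python decodes the two `Key code` dumps copied from the `dis rsa local-key-pair public` output and reports each modulus size; the 2048-bit threshold and all function names are assumptions of this example.

```python
# Added example: decode the "Key code" hex from `dis rsa local-key-pair public`.
# Both dumps are copied from the output above.
HOST_KEY = """3047 0240
 D9ECDB6E 9EECEFAA 41985FA2 B3E9B851 FEBF8F95 A0E9AC13 3E76F9DB CCD8C7F6
 430C6860 CBA492EC 5DC2BEE5 3BBDAFE4 B5AADFD9 E67F0750 C9AAA4F9 1BDA1F4D
 0203 010001"""
SERVER_KEY = """3067 0260
 D2F5696B 7E37CF47 A0BC83A3 E493B894 07AD556D AD009F7A 6B84CAD6 A04D41DA
 E7E6E681 1F033564 DCB9D67B C49B168C 894A88A3 CE999F66 02110D8F 85F1680C
 D9CD8B18 DF740263 26BFEC8C FBD9D98A A26BFBD2 CE71A57F 345BC3A8 7D8E4737
 0203 010001"""
MIN_BITS = 2048  # assumed policy threshold (the top of the range the prompt offers)


def _read_tlv(buf, pos, tag):
    """Read one DER tag-length-value with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#04x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length, used once a field exceeds 127 bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated key code")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Return (modulus_bits, public_exponent) for one 'Key code' dump."""
    der = bytes.fromhex("".join(text.split()))
    body, end = _read_tlv(der, 0, 0x30)        # SEQUENCE { modulus, exponent }
    if end != len(der):
        raise ValueError("trailing bytes after key code")
    modulus, pos = _read_tlv(body, 0, 0x02)    # INTEGER n
    exponent, _ = _read_tlv(body, pos, 0x02)   # INTEGER e
    # These dumps carry no leading 0x00 sign byte, so read both as unsigned.
    return int.from_bytes(modulus, "big").bit_length(), int.from_bytes(exponent, "big")


def audit(name, text, min_bits=MIN_BITS):
    bits, e = parse_key_code(text)
    return {"key": name, "bits": bits, "exponent": e, "weak": bits < min_bits}


if __name__ == "__main__":
    for name, text in (("Host", HOST_KEY), ("Server", SERVER_KEY)):
        print(audit(name, text))
```

Both keys come out below the threshold; answering the `Input the bits in the modulus` prompt with 2048 instead of pressing Enter is the fix the prompt itself offers.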
```
[AR2]dis ssh user-information tangjun    // view the SSH user's configuration on the SSH server
-------------------------------------------------------------------------------
Username         Auth-type          User-public-key-name
-------------------------------------------------------------------------------
tangjun          password           null    // shows the configured user name and authentication type
-------------------------------------------------------------------------------
[AR2]dis ssh server status    // view the SSH server's global configuration
 SSH version                         :1.99
 SSH connection timeout              :60 seconds
 SSH server key generating interval  :0 hours
 SSH Authentication retries          :3 times
 SFTP Server                         :Disable
 Stelnet server                      :Enable    // enabled

[AR1]ssh client first-time enable    // enable first-time authentication on the SSH client AR1
[AR1]stelnet 10.1.1.2    // connect to the peer SSH server
Please input the username:tangjun    // enter the user name
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y    // with first-time authentication the RSA public key is not checked for validity
May 31 2019 01:52:49-08:00 AR1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server had not been authenticated in the process of exchanging keys. When deciding whether to continue, the user chose Y.
[AR1]
Save the server's public key? (y/n)[n]:y    // the server's RSA public key is saved and used to authenticate the server at the next login
The server's public key will be saved with the name 10.1.1.2. Please wait...
May 31 2019 01:52:55-08:00 AR1 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding whether to save the server's public key 10.1.1.2, the user chose Y.
[AR1]
Enter password:
<AR2>    // logged in to AR2 remotely
<AR2>dis ssh server session    // view the current sessions on the SSH server
--------------------------------------------------------------------
 Conn   Ver   Encry    State  Auth-type        Username
--------------------------------------------------------------------
 VTY 0  2.0   AES      run    password         tangjun    // shows the remote login came in over VTY line 0
--------------------------------------------------------------------
<AR2>
```
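With `ssh client first-time enable`, the only record that a server key was accepted without verification is the pair of log lines AR1 printed during the login. As an added example (not part of the original notes), this Python parses log lines in the format shown in this lab and returns those two events; the sample lines are copied from the sessions above with the terminal wraps rejoined, and the function names and the "the user chose Y." filter are assumptions of this example.

```python
import re
from datetime import datetime

# Log lines copied from the sessions above; the IFNET line is a non-matching control.
SAMPLE_LOG = """\
May 31 2019 01:39:17-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
May 31 2019 01:52:49-08:00 AR1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server had not been authenticated in the process of exchanging keys. When deciding whether to continue, the user chose Y.
May 31 2019 01:52:55-08:00 AR1 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding whether to save the server's public key 10.1.1.2, the user chose Y.
"""

# timestamp+offset, host, %%<2 digits>MODULE/severity/MNEMONIC(l)[n]:message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{4} \d\d:\d\d:\d\d)(?P<tz>[+-]\d\d:\d\d) (?P<host>\S+) "
    r"%%\d\d(?P<module>\w+)/(?P<sev>\d)/(?P<mnemonic>\w+)\(\w\)\[\d+\]:(?P<msg>.*)$"
)
WATCHED = {("SSH", "CONTINUE_KEYEXCHANGE"), ("SSH", "SAVE_PUBLICKEY")}


def parse_line(line):
    """Split one log line into its fields, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    stamp = rec.pop("ts") + rec.pop("tz").replace(":", "")
    rec["time"] = datetime.strptime(stamp, "%b %d %Y %H:%M:%S%z")
    return rec


def find_unverified_key_acceptance(log_text):
    """Return events where an operator accepted or saved an unauthenticated server key."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or (rec["module"], rec["mnemonic"]) not in WATCHED:
            continue
        if not rec["msg"].rstrip().endswith("the user chose Y."):
            continue  # the operator declined, so nothing was trusted
        peer = re.search(r"public key (\S+),", rec["msg"])
        hits.append({
            "host": rec["host"],
            "time": rec["time"].isoformat(),
            "event": rec["mnemonic"],
            "peer": peer.group(1) if peer else None,
        })
    return hits


if __name__ == "__main__":
    for hit in find_unverified_key_acceptance(SAMPLE_LOG):
        print(hit)
```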
```
[AR2]aaa
[AR2-aaa]local-user tangjun2 password cipher 123    // local user tangjun2 with ciphertext password 123
Info: Add a new user.
[AR2-aaa]local-user tangjun2 service-type ssh    // access type of local user tangjun2 is SSH
[AR2-aaa]local-user tangjun2 privilege level 3    // privilege level of local user tangjun2 is 3, the management level
[AR2-aaa]local-user tangjun2 ftp-directory flash:
[AR2-aaa]q
[AR2]ssh user tangjun2 authentication-type password    // make tangjun2 an SSH user and keep password authentication
 Authentication type setted, and will be in effect next time
[AR2]sftp server enable    // enable SFTP on the device
Info: Succeeded in starting the SFTP server.
[AR2]dis ssh server status
 SSH version                         :1.99
 SSH connection timeout              :60 seconds
 SSH server key generating interval  :0 hours
 SSH Authentication retries          :3 times
 SFTP Server                         :Enable
 Stelnet server                      :Enable

<AR1>sy
Enter system view, return user view with Ctrl+Z.
[AR1]sftp 10.1.1.2    // connect to the SSH server on the peer AR2 (note: the command is entered in system view)
Please input the username:tangjun2
Trying 10.1.1.2 ...
Press CTRL+K to abort
Enter password:
sftp-client>    // logged in to AR2

[AR2]dis ssh server session    // view the current sessions on the SSH server
--------------------------------------------------------------------
 Conn   Ver   Encry    State  Auth-type        Username
--------------------------------------------------------------------
 VTY 0  2.0   AES      run    password         tangjun2    // shows the remote login came in over VTY line 0
--------------------------------------------------------------------
```
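I started this blog purely to record my own learning process, so that I can find and fill the gaps in it. If you use my posts as a reference and something is unclear, leave a comment or add me as a contact to discuss it, so that we can improve together.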