五杀摇滚小拉夫

  博客园  :: 首页  :: 新随笔  :: 联系 :: 订阅 订阅  :: 管理
5、配置ssh协议远程访问

ssh采用非对称加密算法,需要两个秘钥:公开的私钥、私有秘钥,采用公开秘钥加密后的秘闻只能通过对应的私有秘钥进行解密。

telnet采用明文传输无安全认证,存在安全隐患。

1、ssh远程控制拓扑图

2、

 AR1的基本配置

<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname AR1
[AR1]interface GigabitEthernet 0/0
[AR1-GigabitEthernet0/0]ip address 192.168.20.1 24
[AR1-GigabitEthernet0/0]quit
[AR1]save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
Validating file. Please wait...
Configuration is saved to device successfully.

AR2的基本配置

<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname AR2
[AR2]ssh server enable
[AR2]interface GigabitEthernet 0/0
[AR2-GigabitEthernet0/0]ip address 192.168.20.2 24
[AR2]local-user liu
New local user added.
[AR2-luser-manage-liu]password simple a888888888
[AR2-luser-manage-liu]service-type ssh
[AR2-luser-manage-liu]authorization-attribute user-role network-admin
[AR2-luser-manage-liu]quit
[AR2]user-interface  vty 0 4
[AR2-line-vty0-4]authentication-mode scheme
[AR2-line-vty0-4]protocol inbound ssh
[AR2-line-vty0-4]quit
[AR2]quit
<AR2>save
The current configuration will be written to the device. Are you sure? [Y/N]:Y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
Validating file. Please wait...
Configuration is saved to device successfully.

3、ssh测试远程登录访问

在AR1用户视图下测试:

<AR1>ssh 192.168.20.2
Username: liu
Press CTRL+C to abort.
Connecting to 192.168.20.2 port 22.
The server is not authenticated. Continue? [Y/N]:Y #提示没有认证是否继续
Do you want to save the server public key? [Y/N]:Y #提示是否保存公钥
liu@192.168.20.2's password: #输入密码
Enter a character ~ and a dot to abort.

******************************************************************************
* Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

#通过ssh协议远程登录AR2 成功
<AR2>

 

posted on 2023-06-15 10:59  五杀摇滚小拉夫  阅读(47)  评论(0编辑  收藏  举报