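SSH uses asymmetric encryption, which requires two keys: a public key and a private key. Ciphertext encrypted with the public key can only be decrypted with the corresponding private key.
Telnet transmits in plaintext with no secure authentication, which is a security risk.
1. SSH remote control topology diagram
2. Basic configuration of AR1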
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname AR1
[AR1]interface GigabitEthernet 0/0
[AR1-GigabitEthernet0/0]ip address 192.168.20.1 24
[AR1-GigabitEthernet0/0]quit
[AR1]save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
Validating file. Please wait...
Configuration is saved to device successfully.
Basic configuration of AR2
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname AR2
[AR2]ssh server enable
[AR2]interface GigabitEthernet 0/0
[AR2-GigabitEthernet0/0]ip address 192.168.20.2 24
[AR2-GigabitEthernet0/0]quit
[AR2]local-user liu
New local user added.
[AR2-luser-manage-liu]password simple a888888888
[AR2-luser-manage-liu]service-type ssh
[AR2-luser-manage-liu]authorization-attribute user-role network-admin
[AR2-luser-manage-liu]quit
[AR2]user-interface vty 0 4
[AR2-line-vty0-4]authentication-mode scheme
[AR2-line-vty0-4]protocol inbound ssh
[AR2-line-vty0-4]quit
[AR2]quit
<AR2>save
The current configuration will be written to the device. Are you sure? [Y/N]:Y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
Validating file. Please wait...
Configuration is saved to device successfully.
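One way to check a typed session like the AR2 one above against the point made at the start (Telnet is plaintext, so the VTY lines should accept SSH only). This is an added example, not part of the original post; the function names and both sample sessions are constructed for illustration, and the parser assumes the hostname contains no hyphen.

```python
import re

# Prompts as they appear in the session: <AR2> user view, [AR2] system view,
# [AR2-line-vty0-4] sub-view. Assumes the hostname itself contains no hyphen.
PROMPT = re.compile(r"^([<\[])[^\]>\-]+(?:-([^\]>]+))?[\]>]\s*(.*)$")

def parse(session):
    """Return (view, command) pairs; lines without a prompt are device output."""
    pairs = []
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if m and m.group(3):
            view = m.group(2) or ("user" if m.group(1) == "<" else "system")
            pairs.append((view, m.group(3).strip()))
    return pairs

def audit(session):
    """Flag settings that leave remote login reachable without SSH."""
    cmds = parse(session)
    findings = []
    if ("system", "ssh server enable") not in cmds:
        findings.append("ssh server not enabled")
    for view in sorted({v for v, _ in cmds if v.startswith("line-vty")}):
        lines = [c for v, c in cmds if v == view]
        if "protocol inbound ssh" not in lines:
            findings.append(view + ": inbound protocol not restricted to ssh")
        if "authentication-mode scheme" not in lines:
            findings.append(view + ": authentication-mode is not scheme")
    for view, cmd in cmds:
        if view.startswith("luser") and cmd.startswith("service-type "):
            if "telnet" in cmd.split()[1:]:
                findings.append(view + ": user may log in over telnet")
    return findings

# Constructed from the AR2 commands shown above.
PAGE_SESSION = """[AR2]ssh server enable
[AR2]local-user liu
New local user added.
[AR2-luser-manage-liu]service-type ssh
[AR2]user-interface vty 0 4
[AR2-line-vty0-4]authentication-mode scheme
[AR2-line-vty0-4]protocol inbound ssh"""

# Constructed weak variant: telnet left open on the same lines.
WEAK_SESSION = """[AR2]local-user liu
[AR2-luser-manage-liu]service-type telnet
[AR2]user-interface vty 0 4
[AR2-line-vty0-4]authentication-mode scheme
[AR2-line-vty0-4]protocol inbound all"""
```

Calling audit(PAGE_SESSION) returns an empty list, while audit(WEAK_SESSION) returns three findings: SSH server not enabled, VTY lines not restricted to SSH, and a local user permitted to log in over Telnet.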
3. Testing SSH remote login
Test from the user view on AR1:
<AR1>ssh 192.168.20.2
Username: liu
Press CTRL+C to abort.
Connecting to 192.168.20.2 port 22.
The server is not authenticated. Continue? [Y/N]:Y    # prompt: the server is not authenticated, continue?
Do you want to save the server public key? [Y/N]:Y    # prompt: whether to save the public key
liu@192.168.20.2's password:    # enter the password
Enter a character ~ and a dot to abort.
******************************************************************************
* Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************
# Remote login to AR2 over SSH succeeded
<AR2>