Getting Started with Huawei Switch Configuration (Part 4)
SSH Service Configuration
Lab topology
#Basic configuration
<Huawei>system-view
[Huawei]sysname R1
[R1]int GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip add 10.1.1.1 24
#Create the key pair
[R1]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
..++++++++++++
.........++++++++++++
........++++++++
...++++++++
#View the key pair
[R1]display rsa local-key-pair public
=====================================================
Time of Key pair created: 2019-06-25 15:43:00-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
D7ECC107 8B61CAB4 5CD2F56A FB67E1E8 B0CD0688
55B0E1C0 79420473 CACE51DF 3E72ACF1 F96D67AE
6CB3F2BF 6DA2742D 28A9045A 0686BFB5 1E337456
CB5EF0CB
0203
010001
=====================================================
Time of Key pair created: 2019-06-25 15:43:02-08:00
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
CB4E707A 1254DE1F C783396A C306D420 59DF2F0A
60BF47AF 7018159B 3906CE64 12EDA1DF 9E3D9670
83A9CC92 F291DF3D C45FFDCC 3D35C30C C915CCD2
6DF673F4 D890B3A9 F976F816 7F5691D2 E7DD85E9
2F658F65 1FE87688 49D3B274 8ABB5C57
0203
010001
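#Time of Key pair created - the time the public key was generated;
#Key name - the name/description of the public key;
#Key type - the type of the public key;
#Configure the VTY interface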
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa
[R1-ui-vty0-4]protocol inbound ssh #allow SSH only
#Create the user
[R1]aaa
[R1-aaa]local-user huawei1 password cipher huawei1
Info: Add a new user.
[R1-aaa]local-user huawei1 service-type ssh #enable SSH for the user
[R1-aaa]local-user huawei1 privilege level 3 #set the user privilege level to 3
#Enable SSH globally on the switch or router
[R1]stelnet server enable
Info: Succeeded in starting the STELNET server.
#View SSH user login information
[R1]display ssh user-information huawei1
-------------------------------------------------------------------------------
Username Auth-type User-public-key-name
-------------------------------------------------------------------------------
huawei1 password null
-------------------------------------------------------------------------------
#View the SSH service status
[R1]display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Disable
Stelnet server :Enable
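#Simulate a login
#When an SSH client logs in to an SSH server for the first time, the client has
#not yet saved the server's RSA public key, so the validity check of the server's
#RSA public key fails and the login fails. Therefore, when the client R2 logs in
#for the first time, the SSH client first-time authentication function must be
#enabled so that the validity of the SSH server's RSA public key is not checked.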
<R2>system-view
[R2]ssh client first-time enable
[R2]stelnet 10.1.1.1
Please input the username:huawei1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Jun 25 2019 16:03:45-08:00 R2 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server had not been authenticated in the process of exchanging keys. When deciding whether to continue, the user chose Y.
[R2]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 10.1.1.1. Please wait...
Jun 25 2019 16:03:49-08:00 R2 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding whether to save the server's public key 10.1.1.1, the user chose Y.
[R2]
Enter password:
<R1>
#View SSH server sessions
[R1]display ssh server session
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 0 2.0 AES run password huawei1
--------------------------------------------------------------------
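#Added example (not part of the original post): with first-time authentication enabled the client accepts the server key without a validity check, so the copy saved on R2 should be compared with the Host key displayed on R1 over a trusted channel. The Python below parses the Key code dump shown earlier, reports the modulus size (the default 512-bit key is far below current practice) and compares two dumps; the 2048-bit floor and the client-side dump format are assumptions.

```python
# Host "Key code" as printed by `display rsa local-key-pair public` on R1 above.
HOST_KEY_ON_R1 = """
3047
  0240
    D7ECC107 8B61CAB4 5CD2F56A FB67E1E8 B0CD0688
    55B0E1C0 79420473 CACE51DF 3E72ACF1 F96D67AE
    6CB3F2BF 6DA2742D 28A9045A 0686BFB5 1E337456
    CB5EF0CB
  0203
    010001
"""
MIN_BITS = 2048  # assumed policy floor: the top of the range the device offers


def _read_tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#04x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated key code")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Turn a 'Key code' hex dump (SEQUENCE of two INTEGERs) into (n, e)."""
    buf = bytes.fromhex("".join(text.split()))
    seq, _ = _read_tlv(buf, 0, 0x30)
    n_raw, pos = _read_tlv(seq, 0, 0x02)
    e_raw, _ = _read_tlv(seq, pos, 0x02)
    # The dump has no leading 0x00 on the modulus, so read both as unsigned.
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")


def audit(server_text, client_saved_text):
    """Report key strength and whether the client's saved copy is the same key."""
    n, e = parse_key_code(server_text)
    return {"bits": n.bit_length(), "exponent": e,
            "weak": n.bit_length() < MIN_BITS,
            "client_copy_matches": parse_key_code(client_saved_text) == (n, e)}


if __name__ == "__main__":
    # Constructed stand-in for the client's saved copy: last group altered.
    altered = HOST_KEY_ON_R1.replace("CB5EF0CB", "CB5EF0CC")
    print(audit(HOST_KEY_ON_R1, altered))
```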
#Configure the SFTP server and client
[R1]aaa
[R1-aaa]local-user huawei2 password cipher huawei2
Info: Add a new user.
[R1-aaa]local-user huawei2 privilege level 3
[R1-aaa]local-user huawei2 ftp-directory flash:
[R1-aaa]qu
[R1]ssh user huawei2 authentication-type password
Authentication type setted, and will be in effect next time
[R1]sftp server enable
Info: Succeeded in starting the SFTP server.
#View the SSH service status
[R1]display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Enable
Stelnet server :Enable
#Test the SSH service
<R2>system-view
Enter system view, return user view with Ctrl+Z.
[R2]sftp 10.1.1.1
Please input the username:huawei2
Trying 10.1.1.1 ...
Press CTRL+K to abort
Enter password:
sftp-client>dir
drwxrwxrwx 1 noone nogroup 0 Jun 25 05:45 dhcp
drwxrwxrwx 1 noone nogroup 0
-rwxrwxrwx 1 noone nogroup 121802 May 26 2014 portalpage.zip
-rwxrwxrwx 1 noone nogroup 540 Jun 25 07:43 rsa_server_key.efs
-rwxrwxrwx 1 noone nogroup 396 Jun 25 07:43 rsa_host_key.efs
-rwxrwxrwx 1 noone nogroup 2263 Jun 25 07:37 statemach.efs
-rwxrwxrwx 1 noone nogroup 828482 May 26 2014 sslvpn.zip
drwxrwxrwx 1 noone nogroup 0 Jun 25 07:43 .
sftp-client>
#View the SSH server status
[R1]display ssh server session
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 0 2.0 AES run password huawei2
--------------------------------------------------------------------