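With a Telnet login, a packet capture can recover the username and password.
So log in with encrypted STelnet instead, which is more secure: a packet capture cannot recover the username and password.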
[test-server]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y    (enter y here)
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:    (the default is 512; a stronger 1024 can also be used)
Generating keys...
......++++++++++++
...........................++++++++++++
............++++++++
....++++++++
Authentication is now handled by the SSH protocol, so set the inbound protocol type on the VTY lines to SSH.
interface G0/0/1
ip add 10.10.10.254 24
q
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
Configure AAA. Remember that whenever you create a user, you must also assign it a privilege level.
local-user test password cipher test
local-user test privilege level 3
local-user test service-type ssh
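local-user client2 service-type ssh telnet    (multiple services can be listed side by side)
Once AAA is configured, confirm that SSH uses password authentication. This should be the default, so the command can be left out.
ssh user client1 authentication-type password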
ssh user test service-type all
stelnet server enable
Check the status of the SSH server:
display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Disable
Stelnet server :Enable
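Once the server side is configured, go back to R2 and enable first-time connection so that the certificate on the server is loaded.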
interface G0/0/1
ip add 10.10.10.253 24
ssh client first-time enable
stelnet 10.10.10.254
Please input the username:test
Trying 10.10.10.254 ...
Press CTRL+K to abort
Connected to 10.10.10.254 ...
Enter password:
An ACL can be used to permit only the allowed network segment:
acl 2001
rule permit source 10.10.10.1 0
[Telnet_Server-acl-basic-2001] quit
[Telnet_Server] user-interface vty 0 4
[Telnet_Server-ui-vty0-14] protocol inbound ssh
[Telnet_Server-ui-vty0-14] acl 2001 inbound
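
To check a saved configuration against the settings walked through above (STelnet enabled, every VTY range restricted to SSH with an inbound ACL, no local user left with telnet as a service type), the following Python script is an added example and not part of the original post. The function name `audit`, the sample configuration, the second VTY range and the indented saved-configuration layout are assumptions constructed for illustration.

```python
import re

# Constructed sample in the style of this page's commands (not a real device dump).
SAMPLE_CONFIG = """\
aaa
 local-user test password cipher test
 local-user test privilege level 3
 local-user test service-type ssh
 local-user client2 service-type ssh telnet
#
stelnet server enable
#
acl 2001
 rule permit source 10.10.10.1 0
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
 acl 2001 inbound
#
user-interface vty 5 14
 authentication-mode aaa
 protocol inbound all
"""

def audit(config):
    """Return findings for settings that still allow cleartext or unrestricted logins."""
    findings = []
    if not re.search(r"^\s*stelnet server enable\s*$", config, re.M):
        findings.append("stelnet server is not enabled")
    # Local users whose service-type list still includes telnet.
    for m in re.finditer(r"^\s*local-user (\S+) service-type (.+)$", config, re.M):
        if "telnet" in m.group(2).split():
            findings.append(f"local-user {m.group(1)} may log in over telnet")
    # Each VTY range: header line followed by its indented sub-commands.
    for m in re.finditer(r"^user-interface (vty \d+ \d+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        name, body = m.group(1), m.group(2)
        proto = re.search(r"protocol inbound (\S+)", body)
        value = proto.group(1) if proto else "unset"
        if value != "ssh":
            findings.append(f"{name}: inbound protocol is {value}, not ssh")
        if not re.search(r"acl \d+ inbound", body):
            findings.append(f"{name}: no inbound acl")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```

The sample deliberately leaves one VTY range and one user open to telnet so that the checks have something to report.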