HCIA学习笔记六：SSH华为路由器

一、拓扑图

1）在路由器中拖出两台AR2220，然后选择设备连线，点击Auto进行设备接线，完成后开启设备。之后，将AR1的IP地址配置为192.168.1.1/24，将AR2的IP地址配置为192.168.1.2/24。

2）两台路由器的配置命令如下所示：
AR1：

1. <Huawei>system-view     
2. [Huawei]sysname AR1
3. [AR1]interface g0/0/0
4. [AR1-GigabitEthernet0/0/0]ip add 192.168.1.1 255.255.255.0
5. [AR1-GigabitEthernet0/0/0]quit

复制代码

AR2：

1. <Huawei>system-view
2. [Huawei]sysname AR2
3. [AR2]interface g0/0/0
4. [AR2-GigabitEthernet0/0/0]ip add 192.168.1.2 255.255.255.0
5. [AR2-GigabitEthernet0/0/0]quit
6. [AR2]ping 192.168.1.1

复制代码

二、SSH

2.1、AR1配置

1）创建SSH用户及密码

1. <AR1>system-view
2. [AR1]aaa
3. [AR1-aaa]local-user tom password cipher huawei privilege level 3
4. [AR1-aaa]local-user tom service-type ssh
5. [AR1-aaa]q

复制代码

2）配置SSH用户的认证方式和服务方式

1. [AR1]ssh user tom authentication-type password

复制代码

3）使能SSH服务

1. [AR1]stelnet server enable

复制代码

4）生成本地密钥对

1. [AR1]rsa local-key-pair create
2. The key name will be: Host
3. % RSA keys defined for Host already exist.
4. Confirm to replace them? (y/n)[n]:y
5. The range of public key size is (512 ~ 2048).
6. NOTES: If the key modulus is greater than 512,
7.        It will take a few minutes.
8. Input the bits in the modulus[default = 512]:
9. Generating keys...
10. .....................++++++++++++
11. ...........++++++++++++
12. ....................................++++++++
13. ..++++++++

复制代码

5）配置VTY用户界面

1. [AR1]user-interface vty 0 4
2. [AR1-ui-vty0-4]authentication-mode aaa
3. [AR1-ui-vty0-4]protocol inbound ssh

复制代码

6）查看SSH服务状态

1. [AR1]display ssh server status

复制代码

2.2、AR2命令

1）客户端第一次登录时生成公钥

1. <AR2>system-view
2. [AR2]ssh client first-time enable

复制代码

2）在AR2上通过SSH远程登录AR1

1. [AR2]stelnet 192.168.1.1
2. Please input the username:tom
3. Trying 192.168.1.1 ...
4. Press CTRL+K to abort
5. Connected to 192.168.1.1 ...
6. The server is not authenticated. Continue to access it? (y/n)[n]:y
7. Jul 26 2022 22:16:36-08:00 AR2 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server h
8. ad not been authenticated in the process of exchanging keys. When deciding wheth
9. er to continue, the user chose Y.
10. [AR2]
11. Save the server's public key? (y/n)[n]:y
12. The server's public key will be saved with the name 192.168.1.1. Please wait...
13. Jul 26 2022 22:16:46-08:00 AR2 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding whet
14. her to save the server's public key 192.168.1.1, the user chose Y.
15. [AR2]
17. Enter password:

复制代码

• 远程登录成功后，就可以查看/配置AR1了。

1. <AR1>system-view
2. [AR1]display current-configuration

复制代码

 

免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！