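With a Telnet login, a packet capture can recover the account name and password.
Logging in over encrypted STelnet is therefore more secure: a packet capture cannot recover the account name and password.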
[test-server]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y    (enter y here)
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:    (the default is 512; a stronger 1024 can also be used)
Generating keys...
......++++++++++++
...........................++++++++++++
............++++++++
....++++++++
Authentication now takes place over the SSH protocol, so set the inbound protocol type on the VTY lines to SSH.
interface G0/0/1
ip add 10.10.10.254 24
q
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
Configure AAA. Remember that whenever you create a user, you must also assign it a privilege level.
local-user test password cipher test
local-user test privilege level 3
local-user test service-type ssh
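local-user client2 service-type ssh telnet    (multiple services can be listed side by side)
After AAA is configured, make sure SSH uses password authentication. This should be the default, so the command can be omitted.
ssh user client1 authentication-type password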
ssh user test service-type all
stelnet server enable
Check the status of the SSH server:
display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Disable
Stelnet server :Enable
Once the server side is configured, go back to R2 and enable first-time connection, which loads the certificate from the server.
interface G0/0/1
ip add 10.10.10.253 24
ssh client first-time enable
stelnet 10.10.10.254
Please input the username:test
Trying 10.10.10.254 ...
Press CTRL+K to abort
Connected to 10.10.10.254 ...
Enter password:
An ACL can be used to permit only the allowed network segment:
[Telnet_Server] acl 2001
[Telnet_Server-acl-basic-2001] rule permit source 10.10.10.1 0
[Telnet_Server-acl-basic-2001] quit
[Telnet_Server] user-interface vty 0 4
[Telnet_Server-ui-vty0-14] protocol inbound ssh
[Telnet_Server-ui-vty0-14] acl 2001 inbound
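
As an added example (not part of the original post), the Python sketch below audits a pasted VRP command listing and `display ssh server status` output for the settings configured above: SSH-only VTY lines, an inbound ACL on the VTY, Telnet left in a user's service-type, first-time host key trust on the client, and SSH1 compatibility (version 1.99). The function name, the view-boundary heuristic and the sample input are assumptions constructed from the commands shown on this page.

```python
import re

# Constructed input: commands taken from this page, in the order it enters them.
SAMPLE_CONFIG = """\
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
local-user test service-type ssh
local-user client2 service-type ssh telnet
stelnet server enable
ssh client first-time enable
"""
SAMPLE_STATUS = "SSH version :1.99\nStelnet server :Enable\n"

# Lines that leave the VTY view (hypothetical heuristic for flat listings like this page's).
VIEW_END = re.compile(r"(q|quit|#|return|aaa)$|(interface|acl|local-user|ssh|stelnet|user-interface) ")

def audit(config, status=""):
    """Return findings for a VRP command listing and 'display ssh server status' output."""
    findings, vty = [], None
    # Drop prompts such as "[Telnet_Server-ui-vty0-14] " before matching.
    lines = [re.sub(r"^\[[^\]]*\]\s*", "", raw.strip()) for raw in config.splitlines()]
    for line in lines + ["#"]:          # trailing "#" closes a view left open
        if vty is not None:
            if line.startswith("protocol inbound "):
                vty["proto"] = line.split()[2]
                continue
            if re.fullmatch(r"acl \S+ inbound", line):
                vty["acl"] = True
                continue
            if VIEW_END.match(line):
                if vty["proto"] != "ssh":
                    findings.append(f"{vty['name']}: protocol inbound is {vty['proto']}, expected ssh")
                if not vty["acl"]:
                    findings.append(f"{vty['name']}: no inbound ACL restricts source addresses")
                vty = None
        if line.startswith("user-interface vty"):
            vty = {"name": line, "proto": "not set", "acl": False}
        user = re.match(r"local-user (\S+) service-type (.+)", line)
        if user and "telnet" in user.group(2).split():
            findings.append(f"local-user {user.group(1)}: service-type still allows telnet")
        if line == "ssh client first-time enable":
            findings.append("ssh client first-time enable: first host key is trusted unverified")
    version = re.search(r"SSH version\s*:\s*(\S+)", status)
    if version and version.group(1).startswith("1"):
        findings.append(f"SSH version {version.group(1)}: SSH1 clients are still accepted")
    if re.search(r"Stelnet server\s*:\s*Disable", status):
        findings.append("Stelnet server is disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, SAMPLE_STATUS)))
```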