华为设备SSH的实施_第1张图片
1.配置设备ip
system-view //进入系统视图
[AR1]interface GigabitEthernet 0/0/0 //进入GigabitEthernet 0/0/0接口配置
[AR1-GigabitEthernet0/0/0]ip address 10.0.0.1 30 //配置IP为10.0.0.1/30

[SW1]interface Vlanif 1 //进入vlan1逻辑接口配置
[SW1-Vlanif1]IP address 10.0.0.2 30 //配置IP为10.0.0.2/30
测试连通性:
[SW1-Vlanif1]ping 10.0.0.1
PING 10.0.0.1: 56 data bytes, press CTRL_C to break
Reply from 10.0.0.1: bytes=56 Sequence=1 ttl=255 time=90 ms
2.配置AR1的SSH
[AR1]aaa //进入aaa配置模式
[AR1-aaa]local-user zw password cipher 135113 privilege level 15 //创建用户zw,密码为135113,权限级别为15
[AR1-aaa]local-user zw service-type ssh //这个用户服务于SSH
[AR1]stelnet server enable //开启SSH服务
[AR1]ssh user zw authentication-type password //配置SSH用户登录验证方式为密码验证
[AR1] rsa local-key-pair create //生成本地密钥
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y //密钥名称为:主机
%为主机定义的RSA密钥已经存在。
确认更换?(是/否)[否]:是
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:768 //设置公钥的大小,最低为768位
[AR1]user-interface vty 0 4 //进入vty虚拟接口0-4
[AR1-ui-vty0-4]authentication-mode aaa //配置登录方式为aaa模式
[AR1-ui-vty0-4]protocol inbound ssh //允许登录SSH
3.用SW1做客户端连接AR1的SSH服务
[SW1]ssh client first-time enable //第一次配置作为SSH客户端登录需要运行此命令
[SW1]stelnet 10.0.0.1 //连接到AR1的SSH服务器
Please input the username:zw //登录用户名为zw
The server is not authenticated. Continue to access it? [Y/N] :y服务器未通过身份验证。继续访问?
Enter password: //输入密码