防火墙的配置ssh

骤
1
配置
FW
。
1.
在
GigabitEthernet 1/0/1
接口上启用
SSH
服务。

system-view
[FW]
interface GigabitEthernet 1/0/1
[FW-GigabitEthernet1/0/1] ip add 10.1.1.1 24
[FW-GigabitEthernet1/0/1]
service-manage enable
[FW-GigabitEthernet1/0/1]
service-manage ssh permit
[FW-GigabitEthernet1/0/1]
quit
[FW]firewall zone trust
[FW]add int g1/0/1
quit
2.
配置验证方式为
AAA
。
[FW]
user-interface vty 0 4
[FW-ui-vty0-4]
authentication-mode aaa
[FW-ui-vty0-4]
protocol inbound ssh
[FW-ui-vty0-4]
user privilege level 3
[FW-ui-vty0-4]
quit
3.
创建
SSH
管理员帐号

认证）中的配置步骤。
[FW]
aaa
[FW-aaa]
manager-user sshadmin
[FW-aaa-manager-user-sshadmin]
password
Enter Password:
Confirm Password:
[FW-aaa-manager-user-sshadmin]
service-type ssh
[FW-aaa-manager-user-sshadmin]
quit

生成本地密钥对。
[FW]
rsa local-key-pair create
The key name will be: FW_Host
The range of public key size is (512
~
2048).
NOTES: A key shorter than 1024 bits may cause security risks.
The generation of a key longer than 512 bits may take several minutes.
Input the bits in the modulus[default = 2048]:
Generating keys…
…++++++++
…++++++++
…+++++++++
…+++++++++
5.
启用
STelnet
服务。
[FW]
stelnet server enable
6.
配置
SSH
用户。
[FW]
ssh user sshadmin
[FW]
ssh user sshadmin authentication-type password
[FW]
ssh user sshadmin service-type stelnet
7.路由器

[Huawei]ssh client first-time enable

。[Huawei]stelnet 10.1.1.1

配置
SSH
服务器服务端口号
1025
，