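Three Telnet Login Methods
Author: Yin Zhengjie
Copyright notice: this is an original work. Reproduction is not permitted, and violations will be pursued legally.
I. Three Telnet authentication methods on Huawei devices
First, let's look at a simple topology diagram: we want to operate the Shuangqiao router from the Yizhuang router.
1. Login without authentication (none mode)
Simply configure an interconnect IP address on the router that will make the remote connection: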
"Yizhuang data center" configuration:
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]ip address 172.30.1.1 24
[Huawei-Ethernet0/0/1]undo shutdown
[Huawei-Ethernet0/0/1]quit
[Huawei]sysname yizhuang
The Telnet service must be enabled on the router that will be managed remotely:
"Shuangqiao data center" configuration:
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]ip address 172.30.1.2 24
[Huawei-Ethernet0/0/1]undo shutdown
[Huawei-Ethernet0/0/1]quit
[Huawei]telnet server enable    # enable the Telnet service
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode none    # set the authentication mode
[Huawei-ui-vty0-4]user privilege level 3    # set the privilege level of the logged-in account
[Huawei]sysname shuangqiao
Test:
[yizhuang]interface Ethernet 0/0/1
[yizhuang-Ethernet0/0/1]display this    # show the current interface configuration
#
interface Ethernet0/0/1
ip address 172.30.1.1 255.255.255.0
#
return
[yizhuang-Ethernet0/0/1]ping 172.30.1.2    # check that the interconnect address answers ping
PING 172.30.1.2: 56 data bytes, press CTRL_C to break
Reply from 172.30.1.2: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 172.30.1.2: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 172.30.1.2: bytes=56 Sequence=3 ttl=255 time=50 ms
Reply from 172.30.1.2: bytes=56 Sequence=4 ttl=255 time=50 ms
Reply from 172.30.1.2: bytes=56 Sequence=5 ttl=255 time=20 ms

--- 172.30.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/38/50 ms

[yizhuang-Ethernet0/0/1]quit
[yizhuang]quit
<yizhuang>telnet 172.30.1.2    # connect to the Shuangqiao address
Trying 172.30.1.2 ...
Press CTRL+K to abort
Connected to 172.30.1.2 ...

Info: The max number of VTY users is 10, and the number
of current VTY users on line is 1.
The current login time is 2017-04-18 18:15:39.
<shuangqiao>    # login succeeded; the prompt shows Shuangqiao's hostname
<shuangqiao>
<shuangqiao>
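Clearly, the login above required no input at all, so there is no security to speak of: anyone can remote into your device. We therefore do not normally use this configuration, except when doing lab work. Well, anyway, forget about it.
2. Password authentication (password login mode)
Qinghuayuan router configuration: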
<Huawei>system-view
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]ip address 172.30.1.1 24
[Huawei-Ethernet0/0/1]undo shutdown
[Huawei-Ethernet0/0/1]quit
[Huawei]sysname qinghuayuan
Langfang router configuration:
<Huawei>system-view
[Huawei]sysname langfang
[langfang]interface Ethernet 0/0/1
[langfang-Ethernet0/0/1]ip address 172.30.1.2 24
[langfang-Ethernet0/0/1]undo shutdown
[langfang-Ethernet0/0/1]quit
[langfang]telnet server enable
[langfang]user-interface vty 0 4
[langfang-ui-vty0-4]authentication-mode password    # authentication mode
[langfang-ui-vty0-4]set authentication password simple yinzhengjie    # set the plaintext password to "yinzhengjie"
Test results:
[qinghuayuan-Ethernet0/0/1]display this
#
interface Ethernet0/0/1
ip address 172.30.1.1 255.255.255.0
#
return
[qinghuayuan-Ethernet0/0/1]ping 172.30.1.2
PING 172.30.1.2: 56 data bytes, press CTRL_C to break
Reply from 172.30.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 172.30.1.2: bytes=56 Sequence=2 ttl=255 time=50 ms
Reply from 172.30.1.2: bytes=56 Sequence=3 ttl=255 time=50 ms
Reply from 172.30.1.2: bytes=56 Sequence=4 ttl=255 time=60 ms
Reply from 172.30.1.2: bytes=56 Sequence=5 ttl=255 time=30 ms

--- 172.30.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/48/60 ms

[qinghuayuan-Ethernet0/0/1]
<qinghuayuan>telnet 172.30.1.2
Trying 172.30.1.2 ...
Press CTRL+K to abort
Connected to 172.30.1.2 ...


Login authentication


Password:    # enter the password here
Info: The max number of VTY users is 10, and the number
of current VTY users on line is 1.
The current login time is 2017-04-18 18:28:18.
<langfang>    # password entered correctly; login succeeded
<langfang>
3. Username and password authentication
Zhaowei data center configuration:
<Huawei>system-view
[Huawei]sysname zhaowei
[zhaowei]interface Ethernet 0/0/1
[zhaowei-Ethernet0/0/1]ip address 172.30.1.1 24
[zhaowei-Ethernet0/0/1]undo shutdown
[zhaowei-Ethernet0/0/1]display this
#
interface Ethernet0/0/1
ip address 172.30.1.1 255.255.255.0
#
return
[zhaowei-Ethernet0/0/1]
[zhaowei-Ethernet0/0/1]quit
Lugu data center configuration:
<Huawei>system-view
[Huawei]sysname lugu
[lugu]interface Ethernet 0/0/1
[lugu-Ethernet0/0/1]ip address 172.30.1.2 24
[lugu-Ethernet0/0/1]display this
#
interface Ethernet0/0/1
ip address 172.30.1.2 255.255.255.0
#
return
[lugu-Ethernet0/0/1]
[lugu-Ethernet0/0/1]undo shutdown
[lugu-Ethernet0/0/1]quit
[lugu]user-interface vty 0 4
[lugu-ui-vty0-4]authentication-mode aaa
[lugu-ui-vty0-4]user privilege level 3
[lugu-ui-vty0-4]quit
[lugu]aaa    # enter AAA configuration mode; this is a Huawei specialty, haha
[lugu-aaa]local-user yinzhengjie password cipher 123    # create the user yinzhengjie with the password "123", stored as ciphertext
[lugu-aaa]local-user yinzhengjie service-type telnet    # grant the user yinzhengjie Telnet access only
[lugu-aaa]quit
[lugu]super password simple yinzhengjie    # set the password for going from user mode to system configuration mode to yinzhengjie; it is stored in plaintext, so dis cu will show it. Ciphertext is recommended, depending on how important the device is
Test:
[zhaowei-Ethernet0/0/1]display this
#
interface Ethernet0/0/1
ip address 172.30.1.1 255.255.255.0
#
return
[zhaowei-Ethernet0/0/1]ping 172.30.1.2
PING 172.30.1.2: 56 data bytes, press CTRL_C to break
Reply from 172.30.1.2: bytes=56 Sequence=1 ttl=255 time=60 ms
Reply from 172.30.1.2: bytes=56 Sequence=2 ttl=255 time=40 ms
Reply from 172.30.1.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 172.30.1.2: bytes=56 Sequence=4 ttl=255 time=50 ms
Reply from 172.30.1.2: bytes=56 Sequence=5 ttl=255 time=40 ms

--- 172.30.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/44/60 ms

[zhaowei-Ethernet0/0/1]
<zhaowei>telnet 172.30.1.2
Trying 172.30.1.2 ...
Press CTRL+K to abort
Connected to 172.30.1.2 ...


Login authentication


Username:yinzhengjie
Password:
Info: The max number of VTY users is 10, and the number
of current VTY users on line is 1.
The current login time is 2017-04-18 18:56:35.
<lugu>
II. Main commands for configuring remote access on Huawei devices
[yinzhengjie]aaa
[yinzhengjie-aaa]local-user yinzhengjie password cipher 123
[yinzhengjie-aaa]local-user yinzhengjie privilege level 15
[yinzhengjie-aaa]local-user yinzhengjie service-type telnet
[yinzhengjie-aaa]quit
[yinzhengjie]user-interface vty 0 4
[yinzhengjie-ui-vty0-4]authentication-mode aaa
[yinzhengjie-ui-vty0-4]user privilege level 15
[yinzhengjie-ui-vty0-4]protocol inbound telnet
[yinzhengjie-ui-vty0-4]quit
[yinzhengjie]telnet server enable
III. H3C remote-management configuration examples
Lab network topology:

1. No authentication (none; this mode is not recommended. Use it only in lab work and never in production!)
1>. R1 router configuration:
[R1]interface GigabitEthernet 0/0
[R1-GigabitEthernet0/0]ip address 172.30.1.1 24
[R1-GigabitEthernet0/0]undo shutdown
[R1-GigabitEthernet0/0]quit
[R1]telnet server enable ------ enable the Telnet service
[R1]user-interface vty 0 4
[R1-line-vty0-4]authentication-mode none
[R1-line-vty0-4]user-role level-15 -------> set the level of the logged-in account
[R1-line-vty0-4]

2>. R2 router configuration:
[R2]interface GigabitEthernet 0/0
[R2-GigabitEthernet0/0]ip address 172.30.1.2 24
[R2-GigabitEthernet0/0]undo shutdown
[R2-GigabitEthernet0/0]ping 172.30.1.1
Ping 172.30.1.1 (172.30.1.1): 56 data bytes, press CTRL_C to break
56 bytes from 172.30.1.1: icmp_seq=0 ttl=255 time=1.067 ms
56 bytes from 172.30.1.1: icmp_seq=1 ttl=255 time=0.590 ms
56 bytes from 172.30.1.1: icmp_seq=2 ttl=255 time=0.640 ms
56 bytes from 172.30.1.1: icmp_seq=3 ttl=255 time=0.605 ms
56 bytes from 172.30.1.1: icmp_seq=4 ttl=255 time=0.578 ms

--- Ping statistics for 172.30.1.1 ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.578/0.696/1.067/0.187 ms
[R2-GigabitEthernet0/0]%Feb 23 02:22:13:211 2018 R2 PING/6/PING_STATISTICS: Ping statistics for 172.30.1.1: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.578/0.696/1.067/0.187 ms.

[R2-GigabitEthernet0/0]quit
[R2]quit
<R2>telnet 172.30.1.1 -------> here we Telnet to R1; as long as the two devices can reach each other, the remote login works
Trying 172.30.1.1 ...
Press CTRL+K to abort
Connected to 172.30.1.1 ...

******************************************************************************
* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************

<R1>
2. Password-only authentication (password)
1>. R1 router configuration:
[R1]interface GigabitEthernet 0/0
[R1-GigabitEthernet0/0]ip address 172.30.1.1 24
[R1-GigabitEthernet0/0]undo shutdown
[R1-GigabitEthernet0/0]quit
[R1]telnet server enable
[R1]user-interface vty 0 4
[R1-line-vty0-4]authentication-mode password -----> set the authentication mode to password
[R1-line-vty0-4]set authentication password simple 123 ------> set the authentication password to 123 (in plaintext)
[R1-line-vty0-4]user-role level-15 -------> set the account level to 15
[R1-line-vty0-4]

2>. R2 router configuration:
[R2]interface GigabitEthernet 0/0
[R2-GigabitEthernet0/0]ip address 172.30.1.2 24
[R2-GigabitEthernet0/0]undo shutdown
[R2-GigabitEthernet0/0]quit
[R2]quit
<R2>telnet 172.30.1.1 -------> start the remote session to router R1
Trying 172.30.1.1 ...
Press CTRL+K to abort
Connected to 172.30.1.1 ...

******************************************************************************
* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************

Password: -------> enter the password configured on R1, i.e. "123"
<R1>
<R1>
<R1>
3. Username and password authentication (scheme mode)
1>. R1 router configuration:
[R1]interface GigabitEthernet 0/0
[R1-GigabitEthernet0/0]ip address 172.30.1.1 24
[R1-GigabitEthernet0/0]undo shutdown
[R1-GigabitEthernet0/0]quit
[R1]telnet server enable
[R1]user-interface vty 0 4
[R1-line-vty0-4]authentication-mode scheme ------> enable login with a username and password
[R1-line-vty0-4]user-role level-15
[R1-line-vty0-4]quit
[R1]local-user yinzhengjie
New local user added.
[R1-luser-manage-yinzhengjie]password simple 123 ------> set the plaintext password to "123"
[R1-luser-manage-yinzhengjie]service-type telnet -----> set the service type
[R1-luser-manage-yinzhengjie]quit
[R1]super password simple 666 ------> here we set the password for going from user view to system view; some users must enter this password before they can get in!

2>. R2 router configuration:
[R2]interface GigabitEthernet 0/0
[R2-GigabitEthernet0/0]ip address 172.30.1.2 24
[R2-GigabitEthernet0/0]undo shutdown
[R2-GigabitEthernet0/0]quit
[R2]quit
<R2>telnet 172.30.1.1
Trying 172.30.1.1 ...
Press CTRL+K to abort
Connected to 172.30.1.1 ...

******************************************************************************
* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************

login: yinzhengjie -----> enter the username "yinzhengjie" configured on R1
Password: ------> enter the password "123" that belongs to the username "yinzhengjie"
<R1>
<R1>
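A defender-side check for the settings walked through above, as an added example that is not part of the original post: it scans a Huawei/H3C CLI transcript for the Telnet service (which carries credentials unencrypted), VTY lines left in none or password mode, and passwords entered with the simple keyword. The function name audit, the finding labels and the sample transcript are assumptions made for this example.

```python
import re

PROMPT = re.compile(r"^\s*(\[[^\]]*\]|<[^>]*>)")   # [R1-line-vty0-4] or <R1>
NOTE = re.compile(r"\s+(#|-{2,}>?).*$")            # trailing "# ..." / "----> ..." notes
LEVEL = re.compile(r"(?:user privilege level |user-role level-)(\d+)")
# Constructed sample: commands taken from this page's Huawei "none" and H3C "scheme" labs.
SAMPLE = """\
[Huawei]telnet server enable
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode none   # set the authentication mode
[Huawei-ui-vty0-4]user privilege level 3
[R1]user-interface vty 0 4
[R1-line-vty0-4]authentication-mode scheme ------> username and password login
[R1-line-vty0-4]user-role level-15
[R1-line-vty0-4]quit
[R1-luser-manage-yinzhengjie]password simple 123
[R1]super password simple 666
"""

def audit(transcript):
    """Return sorted (line_no, finding) pairs for weak Telnet settings (labels are hypothetical)."""
    findings, vty = [], None  # vty: state of the VTY block currently being configured
    def close_vty():
        # Judge the block as a whole: mode and level may be typed in either order.
        if vty and vty["mode"] in ("none", "password"):
            kind = "no-authentication" if vty["mode"] == "none" else "shared-password"
            findings.append((vty["line"], f"vty-{kind}-level-{vty['level']}"))

    for no, raw in enumerate(transcript.splitlines(), 1):
        cmd = NOTE.sub("", PROMPT.sub("", raw)).strip().lower()
        if cmd == "telnet server enable":
            findings.append((no, "telnet-cleartext-service"))
        if re.search(r"\bpassword simple\b", cmd):
            findings.append((no, "plaintext-password-in-config"))
        if cmd.startswith("user-interface vty"):
            close_vty()
            vty = {"line": no, "mode": None, "level": "default"}
        elif vty and cmd == "quit":
            close_vty()
            vty = None
        elif vty:
            mode = re.match(r"authentication-mode (\S+)", cmd)
            level = LEVEL.match(cmd)
            if mode:
                vty["mode"] = mode.group(1)
            if level:
                vty["level"] = level.group(1)
    close_vty()
    return sorted(findings)
```

Each VTY finding is reported against the line that opened the block, so audit(SAMPLE) flags the Huawei "none" block at line 2 and leaves the H3C scheme block unflagged.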