配置通過STelnet登錄設備示例
組網圖形
圖1 配置用戶通過STelnet登錄設備組網圖
在服務器端生成本地密鑰對
<HUAWEI> system-view [HUAWEI] sysname SSH_Server [SSH_Server] dsa local-key-pair create Info: The key name will be: HUAWEI_Host_DSA. Info: The key modulus can be any one of the following : 1024, 2048. Info: If the key modulus is greater than 512, it may take a few minutes. Please input the modulus [default=2048]: Info: Generating keys... Info: Succeeded in creating the DSA host keys.
# 配置允許用戶登錄設備的主機地址。
[Telnet_Server] acl 2001 [Telnet_Server-acl-basic-2001] rule permit source 10.1.1.1 0 [Telnet_Server-acl-basic-2001] quit [Telnet_Server] user-interface vty 0 14 [Telnet_Server-ui-vty0-14] protocol inbound ssh [Telnet_Server-ui-vty0-14] acl 2001 inbound
# 新建用戶名為client001的SSH用戶,且認證方式為Password。
[SSH_Server] aaa [SSH_Server-aaa] local-user client001 password irreversible-cipher Huawei@123 [SSH_Server-aaa] local-user client001 privilege level 3 [SSH_Server-aaa] local-user client001 service-type ssh [SSH_Server-aaa] quit [SSH_Server] ssh user client001 authentication-type password
SSH服務器端開啟STelnet服務功能
[SSH_Server] stelnet server enable
配置SSH用戶client001的服務方式為STelnet
[SSH_Server] ssh user client001 service-type stelnet
驗證配置結果
# PC端client001用password認證方式連接SSH服務器。
# 通過PuTTY軟件登錄設備,輸入設備的IP地址,選擇協議類型為SSH。
圖2 通過PuTTY軟件用password認證方式連接SSH服務器示意圖
# 點擊“Open”,出現如下界面,輸入用戶名和密碼,並按Enter鍵,至此已登錄到SSH服務器。(以下顯示信息僅為示意)
login as: client001
Sent username "client001"
client001@10.137.217.203's password:
Info: The max number of VTY users is 8, and the number
of current VTY users on line is 5.
The current login time is 2012-08-06 09:35:28+00:00.
<SSH_Server>
配置文件
SSH_Server的配置文件
# sysname SSH_Server # aaa local-user client001 password irreversible-cipher $1a$aVW8S=aP=B<OWi1Bu'^R[=_!~oR*85r_nNY+kA(I}[TiLiVGR-i/'DFGAI-O$ local-user client001 privilege level 3 local-user client001 service-type ssh # stelnet server enable ssh user client001 ssh user client001 authentication-type password ssh user client001 service-type stelnet # user-interface vty 0 14 authentication-mode aaa # return