【華為】華為路由器（交換機）SSH管理的配置

一、實驗拓撲：（拓撲描述-ENSP與真實機結合實現）

二、實驗配置

（1）AR1配置-SSH-server

　　配置AR1接口G0/0/0的IP 地址為10.0.0.2/24。

　　[AR1]interface g0/0/0

　　[AR1]ip add 10.0.0.2 24

　　測試 真實機  與 AR1的連通性：

　　

 

（2）在AR1上啟動SSH服務：[AR1]stelnet server enable

（3）在AR1上配置SSH登錄虛擬接口的認證模式  和  准入  協議：

　　user-interface vty 0 4
 　　authentication-mode aaa
　　 protocol inbound all

（4）在AR1上建立AAA的登錄用戶：

　　aaa
 　　local-user mzh password cipher mzh123
　　 local-user mzh privilege level 3
　　 local-user mzh service-type telnet terminal ssh

（5）在AR1上配置SSH加密 和  認證的相關參數：

　　1、配置SSH登錄的密鑰對：

[AR1]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.++++++++++++
.....++++++++++++
.....++++++++
........................++++++++

[AR1]
[AR1]disp rsa local-key-pair public

=====================================================
Time of Key pair created: 2020-05-30 21:35:16-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
  0240
    CE843476 E0DA3F37 FF2193BD B960C7B8 6265A73D
    06F35468 CC953399 3E299D5A F940B1F5 E35D1062
    303B0297 124B82F1 125150EC B5903D8A FD91BFB7
    73D84935
  0203
    010001

=====================================================
Time of Key pair created: 2020-05-30 21:35:20-08:00
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
  0260
    98549791 2F7B9401 881CD43A 25070FA5 DA79F01E
    34AA5773 1C6235A9 ECDF6FC4 C0A2F544 E81093B2
    9942B372 8A399A0C 26E742F9 FAF0D5FE 69723A4A
    4BBB96B4 826A779A 7083EADF 0F530394 0C607BBC
    BD4B0D0E A1E2CA9A 239B3F8D 756BC171
  0203
    010001
[AR1]

[AR1]ssh user mzh authentication-type password
 Authentication type setted, and will be in effect next time
[AR1]disp ssh user-information mzh
 -------------------------------------------------------------------------------

 Username         Auth-type          User-public-key-name
 -------------------------------------------------------------------------------
 mzh              password           null                           
 -------------------------------------------------------------------------------
[AR1]

[AR1]disp ssh server status
 SSH version                         :1.99  
 SSH connection timeout              :60 seconds
 SSH server key generating interval  :0 hours
 SSH Authentication retries          :3 times
 SFTP Server                         :Disable
 Stelnet server                      :Enable
[AR1]

三、測試  主機   與 SSH-server 的 連通性：真實機  使用Xshell 實現：

 

 

 

 

 

 <AR1>disp ssh server session
 -------------------------------------------------------------------
 Conn   Ver   Encry     State  Auth-type        Username
 -------------------------------------------------------------------
 VTY 0  2.0   AES       run    password         mzh                 
 -------------------------------------------------------------------
<AR1>