1、SSH是密文傳輸協議,比Telnet更加安全,所以需要先創建秘鑰對,用來加密傳輸內容用的
rsa local-key-pair create //創建本地秘鑰對
The key name will be: Core-SW_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:
Generating keys…
…+++++
…++
…++++
…++
2、創建admin用戶,設置密碼,開啟ssh登錄權限
aaa //進入AAA模式,華為更改用戶都要進入此模式
local-user admin password cipher XXX //新建用戶admin,並設置密碼為XXX
Info: Add a new user.
local-user test privilege level 15 //設置用戶級別,一般設置3,我習慣設置最高15
local-user admin service-type ssh telnet http //用戶登錄的訪問方式,我習慣開啟這三種,開多方便,開少安全
3、查詢創建ssh用戶,賦予用戶SSH
dis ssh user-information //查看是否存在ssh用戶
Info: No SSH user exists.
ssh user admin authentication-type password //創建ssh用戶admin,設置認證模式為密碼認證
ssh user admin service-type stelnet //設置admin用戶的登錄服務類型為stelnet,即SSH
4、交換機啟用SSH服務
ssh server enable //開啟SSH服務
Info: Succeeded in starting the Stelnet server.
5、配置vty界面支持的登錄協議
user-interface vty 0 4 //進入vty 0 4的界面
authentication-mode aaa //設置密碼模式為AAA里的設置
protocol inbound all //我習慣設置all,支持所有