Lab 12: SSH
Lab task 1: log in from an SSH client to the server
1. Build the physical connection
2. Configure the SSH client SWA
[SwitchA]int Vlan-interface 1
[SwitchA-Vlan-interface1]ip ad 10.1.1.2 24
[SwitchA]public-key local create dsa //generate the DSA host key pair
//The 1024-bit default is below current recommendations and ssh-dss keys are rejected by modern OpenSSH clients; prefer RSA with a 2048-bit modulus unless the peer is another Comware device.
The range of public key modulus is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:1024
Generating Keys...
..
Create the key pair successfully.
[SwitchA]public-key local export dsa ssh2 key.pub
//Export the generated DSA host public key in SSH2 format to the file key.pub, then upload that file to the server's flash. The export writes only to SwitchA's own flash; copying the file to the server is a separate step.
3. Configure the SSH server SWB
[SwitchB]int Vlan-interface 1
[SwitchB-Vlan-interface1]ip ad 10.1.1.1 24
[SwitchB]public-key local create dsa
The local key pair already exists.
Confirm to replace it? [Y/N]:y
The range of public key modulus is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:1024
Generating Keys...
.
Create the key pair successfully.
[SwitchB]public-key local create rsa
The range of public key modulus is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:1024
Generating Keys...
.
Create the key pair successfully.
[SwitchB]ssh server enable
[SwitchB]user-interface vty 0 63
[SwitchB-line-vty0-63]authentication-mode scheme
//Set the authentication mode of the SSH user interfaces to AAA (scheme)
[SwitchB-line-vty0-63]protocol inbound ssh
//Restrict the remote login protocol on SWB to SSH (Telnet is no longer accepted on these lines)
[SwitchB-line-vty0-63]user-role level-15
[SwitchB]public-key peer Switch001 import sshkey key.pub
Failed to read the file.
//Oddly, the remote public key could not be read.
//The error means key.pub is not present in SwitchB's flash: the export in step 2 wrote the file on SwitchA only, so it has to be copied to SwitchB (for example with FTP or TFTP) before this import can succeed.
[SwitchB]ssh user client002 service-type stelnet authentication-type publickey assign publickey Switch001
4. Log in to the server
//In theory it is possible to log in to the server at this point.
5. Check the SSH entries; the logged-in SSH user is listed (output of display ssh server session)
UserPid SessID Ver Encrypt State Retries Serv Username
6. Specify the source IP of the SSH client
//The source address must belong to an interface on the client itself. 2.2.2.2 is not configured on SwitchA, so the first attempt cannot complete; 10.1.1.2 is, so the second one can.
[SwitchA]ssh client source ip 2.2.2.2
Username: client002
Press CTRL+C to abort.
Connecting to 10.1.1.1 port 22.
[SwitchA]ssh client source ip 10.1.1.2
[SwitchA]qui
Username: client002
Press CTRL+C to abort.
Connecting to 10.1.1.1 port 22.
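The notes stop at the failed key import, so the public-key login is shown here end to end as an added example; it is not part of the original lab notes. The commands use H3C Comware 7 syntax (the image names in the SFTP listing below show cmw710). The names Switch001, client002 and key.pub come from the notes; the FTP transfer account xfer, its password, and the local user client002 that carries the user role are assumptions made for this example. FTP is used for the copy only because it is already on the switch: it is cleartext, so it runs over the lab link only and is disabled as soon as key.pub has arrived.

```text
# SwitchA (client): create and export the DSA host key. key.pub lands in SwitchA's flash only.
[SwitchA] public-key local create dsa
[SwitchA] public-key local export dsa ssh2 key.pub

# SwitchB (server): temporary FTP service to receive the file. The account "xfer" and
# its password are assumptions for this example; FTP is cleartext, so lab link only.
[SwitchB] ftp server enable
[SwitchB] local-user xfer class manage
[SwitchB-luser-manage-xfer] password simple Xfer-Lab-Only1
[SwitchB-luser-manage-xfer] service-type ftp
[SwitchB-luser-manage-xfer] authorization-attribute user-role network-admin
[SwitchB-luser-manage-xfer] quit

# SwitchA: push the public key into SwitchB's flash (user view).
<SwitchA> ftp 10.1.1.1
ftp> put key.pub
ftp> quit

# SwitchB: import the peer key, confirm it is really loaded, then bind it to the SSH user.
[SwitchB] public-key peer Switch001 import sshkey key.pub
[SwitchB] display public-key peer name Switch001
[SwitchB] ssh user client002 service-type stelnet authentication-type publickey assign publickey Switch001
# A local user of the same name supplies the user role for a publickey SSH user (assumption
# for this example; the notes put user-role level-15 on the VTY lines instead).
[SwitchB] local-user client002 class manage
[SwitchB-luser-manage-client002] service-type ssh
[SwitchB-luser-manage-client002] authorization-attribute user-role network-admin
[SwitchB-luser-manage-client002] quit
# The transfer is done: close the cleartext service and drop its account.
[SwitchB] undo ftp server enable
[SwitchB] undo local-user xfer class manage

# SwitchA: log in with the DSA identity key (the first connection asks to save SwitchB's host key).
<SwitchA> ssh2 10.1.1.1 identity-key dsa
Username: client002

# SwitchB: the session table from step 5 should now list client002 with Serv = stelnet.
[SwitchB] display ssh server session
```

The display public-key peer line is the check the notes were missing: if the import failed, nothing is listed under Switch001 and the ssh user binding that follows points at an empty key. Running display ssh server session on SwitchB while the client is connected confirms that the session was authenticated as client002 over stelnet rather than over a leftover password path.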
Lab task 2: log in from an SFTP client to the server
1. Configure the SFTP server SWB
[SwitchB]public-key local create dsa
[SwitchB]public-key local create rsa
[SwitchB]sftp server enable
2. Create the local user testssh
[SwitchB]local-user testssh class manage
New local user added.
[SwitchB-luser-manage-testssh]password simple aabbcc
[SwitchB-luser-manage-testssh]service-type ssh
[SwitchB-luser-manage-testssh]authorization-attribute user-role network-admin
//Without the user-role line the account still authenticates, but it has no right to read the file system (see the first SFTP attempt below).
[SwitchB]ssh user testssh service-type sftp authentication-type password
//SSH user authentication type is password, service type is SFTP
3. Log in to the server from the SFTP client
//At first only the following appeared: the highlighted command (authorization-attribute user-role network-admin) had not been configured yet, so the account lacked the permission to open files.
sftp 10.1.1.1
Username: testssh
Press CTRL+C to abort.
Connecting to 10.1.1.1 port 22.
testssh@10.1.1.1's password:
sftp>
sftp>
sftp> dir
Couldn't read directory, Permission denied.
//After the permission was configured, the files on the SFTP server are visible.
sftp 10.1.1.1
Username: testssh
Press CTRL+C to abort.
Connecting to 10.1.1.1 port 22.
testssh@10.1.1.1's password:
sftp>
sftp>
sftp> dir
drwxrwxrwx 2 1 1 4096 Jun 2 20:08 diagfile
-rwxrwxrwx 1 1 1 567 Jun 2 20:18 dsakey
-rwxrwxrwx 1 1 1 735 Jun 2 20:18 hostkey
-rwxrwxrwx 1 1 1 21632 Jun 2 20:08 licbackup
drwxrwxrwx 3 1 1 4096 Jun 2 20:08 license
-rwxrwxrwx 1 1 1 21632 Jun 2 20:08 licnormal
drwxrwxrwx 2 1 1 4096 Jun 2 20:08 logfile
-rwxrwxrwx 1 1 1 0 Jun 2 20:08 s5820v2_5830v2-cmw710-boot-a7514.bin
-rwxrwxrwx 1 1 1 0 Jun 2 20:08 s5820v2_5830v2-cmw710-system-a7514.bin
drwxrwxrwx 2 1 1 4096 Jun 2 20:08 seclog
-rwxrwxrwx 1 1 1 591 Jun 2 20:18 serverkey
sftp>
//SSH1 and SSH2 are incompatible protocols, so an SSH1 client cannot connect to a server that only allows SSH2. That is the state to keep: SSH1 has known protocol-level weaknesses, so leave SSH1.x compatibility off on the Comware server (undo ssh server compatible-ssh1x enable) rather than accommodating old clients.