华为路由器配置 SSH 远程登录

实验拓扑图如下：

# 第一步：SSH-server 基础配置

[SSH-server-GigabitEthernet0/0/0]aaa # 进入 aaa 视图配置

[SSH-server-aaa]local-user devan password cipher sshtest # 创建用户 devan，密码为 sshtest

[SSH-server-aaa]local-user devan service-type ssh # 配置 devan 用户类型为 ssh

[SSH-server-aaa]local-user devan privilege level 15 # 配置 devan 用户权限为15（用户权限最高为15）

[SSH-server-aaa]q # 退出 aaa 视图配置

[SSH-server]ssh user devan authentication-type password # 设置 devan 用户 ssh 登录模式为密码登录

[SSH-server]stelnet server enable # 开启 ssh 认证服务

[SSH-server]rsa local-key-pair create # 生成 rsa 密钥，密钥长度默认为2048位，不同型号或厂商的网络设备可能不一样

The key name will be: Host

RSA keys defined for Host already exist.

Warning: Confirm to replace them! Continue? [Y/N]y

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is less than 2048,

It will introduce potential security risks.

Input the bits in the modulus[default = 2048]:

Generating keys...

...........................................+++

..+++

....................++++++++

................++++++++

[SSH-server]user-interface vty 0 4 # 进入虚拟终端

[SSH-server-ui-vty0-4]authentication-mode aaa # 设置虚拟终端认证模式为 aaa

[SSH-server-ui-vty0-4]protocol inbound ssh # 启动 ssh

[SSH-server-ui-vty0-4]return # 返回视图模式

<SSH-server>save # 保存配置

# 第二步：SSH-client1 基础配置

[SSH-client1]ssh client first-time enable # 开启 ssh 客户端首次认证

[SSH-client1]return # 返回视图模式

<SSH-client1>save # 保存配置

<SSH-client1>stelnet 10.0.0.1 # ssh 验证登录

Please input the username:devan # 输入远程登录用户名

Trying 10.0.0.1 ...

Press CTRL+K to abort

Connected to 10.0.0.1 ...

The server is not authenticated. Continue to access it? [Y/N]:y # 接收公钥

Oct 29 2022 09:04:42+00:00 SSH-client1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[2]:The server had not been authenticated in the process of exchanging keys. When deciding whether to continue, the user chose Y.

<SSH-client1>

Save the server's public key? [Y/N]:y # 保存公钥

The server's public key will be saved with the name 10.0.0.1. Please wait...

Oct 29 2022 09:04:58+00:00 SSH-client1 %%01SSH/4/SAVE_PUBLICKEY(l)[3]:When deciding whether to save the server's public key 10.0.0.1, the user chose Y.

<SSH-client1>

Enter password: # 输入远程用户 devan 的密码后登录成功

<SSH-server>

# 第三步：SSH-client2 基础配置

# 第四步：配置路由（ip 或 route 命令配置的路由都是临时的，想要配置永久路由可以选择更改配置文件或使用 nmcli 命令）

# 路由配置成功后即可通过 SSH-client2 连接 SSH-server