网络设备ssh远程登录

SSH远程登录

首先要拥有一个可以使用的账户

然后定义该账户的privilege level （权限级别）与服务类型

再定义允许登录的用户数量

最后使用stelnet server enable 指令开启服务 

 

<Huawei>sys

Enter system view, return user view with Ctrl+Z.

[Huawei]sysname route

[route]aaa

[route-aaa]local-user dyh password cipher 123                 //123 创建用户dyh，密码123 Info: Add a new user.

[route-aaa]local-user dyh service-type ssh                   //开启用户ssh服务功能

[route-aaa]local-user dyh privilege level 3                     //级别3，等于root，默认值为0（参观级别，不能改配置） 1（可以对系统进行简单维护 2 （较高于1）

[route-aaa]quit

[route]user-interface vty 0 4                                            //允许登录0 1 2 3 4 ，5个人登录

[route-ui-vty0-4]authentication-mode aaa

[route-ui-vty0-4]protocol inbound ssh                            //允许进入设备的协议为ssh

[route-ui-vty0-4]quit [route]stelnet server enable           //开启远程登录功能 Info: Succeeded in starting the STELNET server.

[route]int g0/0/0 [route-GigabitEthernet0/0/0]ip add 192.168.1.1 24             配置ip

交换机（pc）

[sw1]int vlan 1

[sw1-Vlanif1]ip add 192.168.1.2 24

[sw1-Vlanif1]ping 192.168.1.1

[sw1-Vlanif1]quit

[sw1]ssh client first-time enable       //登录命令

[sw1]stelnet 192.168.1.1      //输入ip

Please input the username:dyh

Trying 192.168.1.1 ... Press CTRL+K to abort Connected to 192.168.1.1 ... The server is not authenticated. Continue to access it? [Y/N] :y

Save the server's public key? [Y/N] :y

The server's public key will be saved with the name 192.168.1.1. Please wait...

Enter password:

<route>
Info: The connection was closed by the remote host.

如果在交换机配置远程登录功能，需要比路由器多执行两条命令

【sw1】ssh user dyh authentication-type password    //dyh账户远程连接使用ssh协议时要输入密码验证

【sw1】ssh user dyh service-type stelnet    //在系统视图指定dyh账户支持的服务类型为stelnet

从路由器远程登录到交换机

<sw1>sys

Enter system view, return user view with Ctrl+Z.

[sw1]aaa

[sw1-aaa]local-user dyh password cipher 123

[sw1-aaa]local-user dyh service-type ssh

[sw1-aaa]local-user dyh privilege level 3
[sw1-aaa]quit

[sw1]user-interface vty 0 4

[sw1-ui-vty0-4]authentication-mode aaa

[sw1-ui-vty0-4]protocol inbound ssh
[sw1-ui-vty0-4]quit

[sw1]stelnet server enable
Info: Succeeded in starting the Stelnet server.
[sw1]ssh user dyh authentication-type password
Info: Succeeded in adding a new SSH user.
[sw1]ssh user dyh service-type stelnet

 

路由器登录

[route]ssh client first-time enable

[route]stelnet 192.168.1.2

Please input the username:dyh
Trying 192.168.1.2 ...
Press CTRL+K to abort
Connected to 192.168.1.2 ...
Error: Failed to verify the server's public key.
Please run the command "ssh client first-time enable"to enable the first-time ac
cess function and try again.
[route]ssh client first-time ena
[route]ssh client first-time enable
[route]stelnet 192.168.1.2
Please input the username:dyh
Trying 192.168.1.2 ...
Press CTRL+K to abort
Connected to 192.168.1.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Oct 3 2023 17:34:53-08:00 route %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server
had not been authenticated in the process of exchanging keys. When deciding whe
ther to continue, the user chose Y.
[route]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 192.168.1.2. Please wait...

Oct 3 2023 17:34:54-08:00 route %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding wh
ether to save the server's public key 192.168.1.2, the user chose Y.
[route]
Enter password:
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 1.
The current login time is 2023-10-03 17:34:58.
<sw1>