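H3C MSR3620: minimal configuration for SSH login
[H3C-MSR3620]public-key local create rsa
After this command is executed it does not appear in the configuration file, which means the generated RSA key has been created and is stored on the router itself.
The next time the configuration is cleared, this RSA key still exists: entering the command again reports that the key already exists and asks whether to overwrite it, so you get the idea.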
[H3C-MSR3620]dis cur
#
version 7.1.049, Release 0106P21
#
sysname H3C-MSR3620
#
password-recovery enable
#
vlan 1
#
controller Cellular0/0
#
controller Cellular0/1
#
interface Aux0
#
interface NULL0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
#
interface GigabitEthernet0/1
port link-mode route
#
interface GigabitEthernet0/2
port link-mode route
ip address 192.168.2.254 255.255.255.0
#
scheduler logfile size 16
#
line class aux
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 4----------------------(Step 3)
authentication-mode scheme
user-role network-operator
protocol inbound ssh---------optional; can be added or left out
#
line vty 5 63
user-role network-operator
#
ssh server enable----------------(Step 1)
ssh server compatible-ssh1x disable------ # Disables the older SSH1 protocol (security hardening); optional. If it is not disabled, logins over either SSH1 or SSH2 are accepted
#
domain system
#
aaa session-limit ftp 32
aaa session-limit telnet 32
aaa session-limit http 32
aaa session-limit ssh 32
aaa session-limit https 32
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user ssh class manage-----------(Step 2)
password hash $h$6$Ni12fpeDTLECvlDv$Biph/44B+vwPO1tBIFGnHy1OJ6CxwUNWxaU9jx3u5Whc12CEgTd/qfXbxnJ2vJKJ3X4sUZwe0wR/Xrwu6vd1Aw==
service-type ssh
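authorization-attribute user-role 15------with only this role, the set of configuration commands is incomplete
authorization-attribute user-role network-admin------with only the 15 role there are very few commands, not enough for configuration; adding this line fixes it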
authorization-attribute user-role network-operator
#
return
[H3C-MSR3620]save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[cfa0:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
Validating file. Please wait...
Configuration is saved to device successfully.
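------------------------------------Additional notes on the key
Once generated (created), the RSA key (default length 2048 bits) is stored on the device. It survives clearing the configuration and remains until it is removed with destroy.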
[H3C-MSR3620]public-key local destroy rsa
Confirm to destroy the key pair? [Y/N]:y
At this point, even though the vty lines allow ssh, the local-user userName allows ssh, and ssh server enable is configured, encrypted login over SSH is not possible.
[H3C-MSR3620]public-key local create rsa
The range of public key modulus is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
............++++++
.......................++++++
.......................++++++++
..++++++++
Create the key pair successfully.
The device can once again be logged in to remotely over SSH.
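
A check for the three steps marked in the dump above and for the two lines marked optional, written as an added example (not part of the original post and not H3C tooling). The names sections and audit are hypothetical, the sample is constructed, and the dump is assumed to use '#' separator lines and the exact command spellings shown on this page.

```python
import re

# Constructed sample in the layout of the dump above (annotations removed).
SAMPLE = """#
line vty 0 4
authentication-mode scheme
protocol inbound ssh
#
line vty 5 63
user-role network-operator
#
ssh server enable
#
local-user ssh class manage
service-type ssh
authorization-attribute user-role network-admin
#
"""

def sections(dump):
    """Split on '#' separator lines; return (header, child_lines) pairs."""
    out = []
    for block in re.split(r"^#[ \t]*$", dump, flags=re.M):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if lines:
            out.append((lines[0], lines[1:]))
    return out

def audit(dump):
    """Check the three SSH steps and the two optional hardening lines."""
    secs = sections(dump)
    every = {ln for head, body in secs for ln in [head, *body]}
    found = []
    if "ssh server enable" not in every:
        found.append("step 1 missing: ssh server enable")
    if not any(h.startswith("local-user ") and
               any(b.split()[:1] == ["service-type"] and "ssh" in b.split() for b in body)
               for h, body in secs):
        found.append("step 2 missing: no local-user with service-type ssh")
    for head, body in secs:
        if re.fullmatch(r"line vty \d+( \d+)?", head):
            if "authentication-mode scheme" not in body:
                found.append(f"step 3 not applied: {head}")
            if "protocol inbound ssh" not in body:
                found.append(f"not restricted to ssh: {head}")
    if "ssh server compatible-ssh1x disable" not in every:
        found.append("SSH1 compatibility not disabled")
    # The host key pair never appears in the dump, so it cannot be audited here.
    found.append("check on device: RSA host key pair exists")
    return found

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The last finding is always reported: as the notes above show, a dump can contain all three steps while SSH login still fails because the key pair has been destroyed.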
