路由交换学习第四天：路由器配置SSH认证登陆

华为路由器1：
<Huawei>sys //进入系统视图
[Huawei]interface g0/0/0 //进入g0/0/0配置
[Huawei-GigabitEthernet0/0/0]ip address 202.100.1.1 30 //配置IP地址为202.100.1.1 30
[Huawei-GigabitEthernet0/0/0]q
[Huawei]aaa //进入aaa
[HW-R1-aaa]local-user huawei password cipher huawei123 //创建用户huawei和密码huawei123
[Huawei-aaa]local-user huawei service-type ssh //用户huawei认证默认是SSH
[Huawei-aaa]local-user huawei privilege level 15 //用户huawei用户权限15级
[Huawei-aaa]q //退出
[Huawei]ssh user huawei authentication-type password //SSH用户huawei认证模式是密码认证
Authentication type setted, and will be in effect next time
[Huawei]stelnet server enable //开启SSH认证服务
Info: Succeeded in starting the STELNET server.
[Huawei]rsa local-key-pair create //生成本地认证秘钥
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y //是否确定更换现有秘钥（是）
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:768 //默认512位密码，输入产生的秘钥长度（768）
Generating keys...
................++++++++
.++++++++
.+++++++++
.+++++++++
[Huawei]user-interface vty 0 4 //进入配置虚拟终端
[Huawei-ui-vty0-4]authentication-mode aaa //虚拟终端认证模式为AAA
[Huawei-ui-vty0-4]protocol inbound ssh //开启SSH
[Huawei-ui-vty0-4]q //退出
[Huawei]sys HW-R1 //设置设备名称HW-R1
[HW-R1]

华为路由器2:

<Huawei>sys //进入系统视图
[Huawei]interface g0/0/0 //进入g0/0/0配置
[Huawei-GigabitEthernet0/0/0]ip address 202.100.1.2 30 //配置IP地址为202.100.1.2 30
[Huawei-GigabitEthernet0/0/0]q //退出
[Huawei]ssh client first-time enable //开启SSH第一次登陆
[Huawei]stelnet 202.100.1.1
Please input the username:huawei //输入用户名huawei
Trying 202.100.1.1 ...
Press CTRL+K to abort
Error: Failed to connect to the remote host.
[Huawei]stelnet 202.100.1.1
Please input the username:huawei
Trying 202.100.1.1 ...
Press CTRL+K to abort
Error: Failed to connect to the remote host.
[Huawei]stelnet 202.100.1.1
Please input the username:huawei
Trying 202.100.1.1 ...
Press CTRL+K to abort
Connected to 202.100.1.1 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y //是否接收秘钥
Jul 29 2019 16:43:31-08:00 Huawei %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[1]:The server had not been authenticated in the process of exchanging keys. When deciding whether to continue, the user chose Y.
[Huawei]
Save the server‘s public key? (y/n)[n]:y //是否保存秘钥在本地
The server‘s public key will be saved with the name 202.100.1.1. Please wait...

Jul 29 2019 16:43:33-08:00 Huawei %%01SSH/4/SAVE_PUBLICKEY(l)[2]:When deciding whether to save the server‘s public key 202.100.1.1, the user chose Y.
[Huawei]
Enter password: //输入密码
<Huawei>sys //进入系统视图
[HW-R1]
<HW-R1>dis users
User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag
0 CON 0 00:02:26 pass Username : Unspecified

• 129 VTY 0 00:00:00 SSH 202.100.1.2 pass Username : huawei

原文地址：https://blog.51cto.com/63736/2424625