HCNA配置ssh远程登陆

Posted 2020-10-17 智聚

1、拓扑图

 

 最终实现通过AR１　来SSH登陆到AR2 上

 

2、配置AR2为开启SSH服务

 

Please press enter to start cmd line!
##############
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int    
[Huawei]interface g    
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr    
[Huawei-GigabitEthernet0/0/0]ip address 12.1.1.2 24
[Huawei-GigabitEthernet0/0/0]
Dec  8 2017 22:12:30-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[1]:The line protocol
 IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[Huawei-GigabitEthernet0/0/0]q
[Huawei]stel    
[Huawei]stelnet ser    
[Huawei]stelnet server en    
[Huawei]stelnet server enable 
Info: Succeeded in starting the STELNET server.
[Huawei]rsa ?
  local-key-pair   Local RSA public key pair operations
  peer-public-key  Remote peer RSA public key configuration.
[Huawei]rsa loc    
[Huawei]rsa local-key-pair ?
  create   Create new local public key pairs
  destroy  Destroy the local public key pairs
[Huawei]rsa local-key-pair cre    
[Huawei]rsa local-key-pair create 
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
........................++++++
.........++++++
............++++++++
...............++++++++

[Huawei]aaa
[Huawei-aaa]loc    
[Huawei-aaa]local-user user-ssh pass    
[Huawei-aaa]local-user user-ssh password ci    
[Huawei-aaa]local-user user-ssh password cipher huawei
Info: Add a new user.
[Huawei-aaa]loc    
[Huawei-aaa]local-user user-ssh pri    
[Huawei-aaa]local-user user-ssh privilege level    
[Huawei-aaa]local-user user-ssh privilege level 2
[Huawei-aaa]loc    
[Huawei-aaa]local-user user    
[Huawei-aaa]local-user user-ssh serv    
[Huawei-aaa]local-user user-ssh service-type ssh
[Huawei-aaa]q
[Huawei]user-in    
[Huawei]user-interface vty    
[Huawei]user-interface vty 0    
[Huawei]user-interface vty 0 4    
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]aut    
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-ui-vty0-4]pro    
[Huawei-ui-vty0-4]protocol ?
  inbound  Incoming protocol
[Huawei-ui-vty0-4]protocol in    
[Huawei-ui-vty0-4]protocol inbound ssh
[Huawei-ui-vty0-4]q
[Huawei]ssh user    
[Huawei]ssh user user    
[Huawei]ssh user user-    
[Huawei]ssh user user-ssh au    
[Huawei]ssh user user-ssh authentication-type ?
  all           All authentication, password or RSA
  password      Password authentication
  password-rsa  Both password and RSA
  rsa           RSA authentication
[Huawei]ssh user user-ssh authentication-type all
 Authentication type setted, and will be in effect next time
[Huawei]sysnan    
[Huawei]sysna    
[Huawei]sysname AR@
[AR@]sysname AR@
[AR@]sysname AR2
[AR2]

3、AR1作为SSH客户端接连AR2测试

 

Please press enter to start cmd line!
##########################
<Huawei>
Dec  8 2017 22:11:25-08:00 Huawei %%01IFPDT/4/IF_STATE(l)[0]:Interface GigabitEt
hernet0/0/0 has turned into UP state.
<Huawei>

  Please check whether system data has been changed, and save data in time

  Configuration console time out, please press any key to log on

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR1
[AR1]int    
[AR1]interface g    
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 12.1.1.1 24
[AR1-GigabitEthernet0/0/0]
Dec  8 2017 22:20:08-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
 on the interface GigabitEthernet0/0/0 has entered the UP state. 
[AR1-GigabitEthernet0/0/0]q
[AR1]ping  12.1.1.2
  PING 12.1.1.2: 56  data bytes, press CTRL_C to break
    Reply from 12.1.1.2: bytes=56 Sequence=1 ttl=255 time=160 ms
    Reply from 12.1.1.2: bytes=56 Sequence=2 ttl=255 time=50 ms
    Reply from 12.1.1.2: bytes=56 Sequence=3 ttl=255 time=20 ms
    Reply from 12.1.1.2: bytes=56 Sequence=4 ttl=255 time=20 ms
    Reply from 12.1.1.2: bytes=56 Sequence=5 ttl=255 time=30 ms

  --- 12.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/56/160 ms

[AR1]ssh 12.1.1.2
         ^
Error: Unrecognized command found at \'^\' position.
[AR1]ssh    
[AR1]ssh ?
  client  Set SSH client attribute
  server  Specify the server attribute
  user    SSH user
[AR1]ssh ssh    
[AR1]ssh clei    
[AR1]ssh clien    
[AR1]ssh client ?
  STRING<1-64>  Specify SSH server IP address or name
  first-time    Set SSH client attribute of authenticating user for the first   
                time access.
[AR1]ssh client fri    
[AR1]ssh client fir    
[AR1]ssh client first-time 
                           ^
Error:Incomplete command found at \'^\' position.
[AR1]ssh client first-time 
                           ^
Error:Incomplete command found at \'^\' position.
[AR1]ssh client first-time ?
  enable  Enable authentication for first time access.
[AR1]ssh client first-time en    
[AR1]ssh client first-time enable 
[AR1]ssh    
[AR1]ssh ?
  client  Set SSH client attribute
  server  Specify the server attribute
  user    SSH user
[AR1]ste    
[AR1]stelnet ?
  STRING<1-255>  IP address or host name of a remote system
  -a             Set the source IP address of SSH packets
  server         Set Stelnet server
[AR1]stelnet 12.1.1.2
Please input the username:user-ssh
Trying 12.1.1.2 ...
Press CTRL+K to abort
Connected to 12.1.1.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Dec  8 2017 22:23:15-08:00 AR1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[1]:The server h
ad not been authenticated in the process of exchanging keys. When deciding wheth
er to continue, the user chose Y. 
[AR1]
Save the server\'s public key? (y/n)[n]:y
The server\'s public key will be saved with the name 12.1.1.2. Please wait...

Dec  8 2017 22:23:21-08:00 AR1 %%01SSH/4/SAVE_PUBLICKEY(l)[2]:When deciding whet
her to save the server\'s public key 12.1.1.2, the user chose Y. 
[AR1]
Enter password:
<AR2>dis ip in    
<AR2>dis ip interface bri    
<AR2>dis ip interface brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              12.1.1.2/24          up         up        
GigabitEthernet0/0/1              unassigned           down       down      
GigabitEthernet0/0/2              unassigned           down       down      
NULL0                             unassigned           up         up(s)     
<AR2>