About Huawei switch configuring sshkey password-free login 04/06 Update SLTechnology News&Howtos

About Huawei switch configuring sshkey password-free login

2025-04-06 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

1 generate public keys and keys on the client side

Ssh-keygen

If you enter all the time, the public key and private key files will be generated in the ~ / .ssh directory.

2 convert the public key

Use the command

Ssh-keygen-f. SSH / id_rsa.pub-e-m pem | grep-v'\ -'| base64-d | xxd-p

This is to change the public key of the original openssh into the public key of ssh3.0, because it seems that the current Linux distribution is openssh by default, but Huawei only knows ssh3.0, so.

Save the generated public key (will be displayed directly on the terminal)

The configuration on the switch is as follows:

Rsa peer-public-key 1

Public-key-code begin

30820109

02820100

E58B4DF3 8B1DCFBC 6F376C9C 5F73F18C 44AF4BC7 631CE37C 2288C9F8 38D03C55

796974E8 52934544 42212A72 42E843DB 00BAE582 AF18F671 3906D6A0 F0F5AD37

33228E2E 177606A6 36D48565 35F54D7B E9111FAC 502EDA4F 68E6EABF 4D0404DD

5E0ECDE5 079F0745 0A9B53FF 35C90848 8942124C CA27D83E 8231535C C3D7D154

504D93F4 526B0574 3B4B73DF 842FF1D5 0CBACD96 2A7BE17A 9C4B7555 0CA5192E

B7FC7F69 650F9DC3 17A01B0C 20528AB8 3BCF1738 6FC74FE6 2ABEBB63 63258034

7DB8D1CB 1CE61117 FA9D6F8C 6B738D54 AC939196 E1520FCF C8A3684C 03640057

D4B54BB4 D747335B 747451A4 E86751AB CD31ABF8 C28F2183 FDD7FEEC 69EE1D2B

0203

010001

Public-key-code end

Peer-public-key end

Aaa

Authentication-scheme default

Authorization-scheme default

Accounting-scheme default

Domain default

Domain default_admin

Local-user user1 password cipher% @% @ _% 485) = .31D, kbRl) MaUTF03%@%@

Local-user user1 service-type ssh

Local-user user2 password cipher% @% @ D2xbot 9a} = y~b1S) JMI S8wMTJen% quit% @

Local-user user2 privilege level 15

Local-user user2 service-type ssh

Undo local-user admin

Stelnet server enable

Ssh user user1

Ssh user user1 authentication-type rsa

Ssh user user1 assign rsa-key 1

Ssh user user1 service-type stelnet

Ssh user user2

Ssh user user2 authentication-type password

Ssh user user2 service-type stelnet

Ssh client first-time enable

User-interface vty 0 4

Authentication-mode aaa

User privilege level 1

Protocol inbound ssh

User-interface vty 16 20

After this configuration is completed, user1 has the view permission, key verification login (without entering a password), user2 has administrator rights, password verification. This is a Huawei 5700 switch. The permission of sshkey is set in user-interface vty, and it cannot be set for a particular user (the operating system does not have this feature), so this is probably the best way to do it at present.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.