Shulou(Shulou.com)06/01 Report--

Three articles on Huawei's SSH applications

-apply SSH between nodes

Tool: eNSP

Topology:

Effect: SW1 is the server side of SSH, SW2 is the client side of SSH, and SW2 can access SW1 using stelnet

Realize

I. Interoperability between nodes

SW1 key configuration

Vlan batch 10

Interface Vlanif10

Ip address 10.1.100.1 255.255.255.0

InterfaceGigabitEthernet0/0/1

Port hybrid tagged vlan 10

SW2 key configuration

Vlan batch 10

Interface Vlanif10

Ip address 10.1.100.2 255.255.255.0

InterfaceGigabitEthernet0/0/1

Port hybrid tagged vlan 10

The network interconnection between the two sides is normal.

[sw1] ping-c 110.1.100.2

PING 10.1.100.2: 56 data bytes, press CTRL_C to break

Reply from 10.1.100.2: bytes=56 Sequence=1ttl=255 time=50 ms

-10.1.100.2 ping statistics-

1 packet (s) transmitted

1 packet (s) received

0.005% packet loss

Round-trip min/avg/max = 50-50-50 ms

2. SW2 uses SSH to log in to SW1,SW2 as Client,SW1 as the server

2.1. SW1 as the configuration of the server side

# Update the key to 2048 bits

Rsa local-key-paircreate

# set VTY parameters

User-interfacevty 0 4

Authentication-mode aaa

Protocol inbound ssh

# aaa Settings

Aaa

Local-user abc password simple huawei

Local-user test password simple test

Local-user test privilege level 3

Local-user test service-type terminal ssh

Two user names are set in AAA. The difference between them is service-type. The user abc does not specify the service-type login type, while the user test specifies the SSH login type. The reason is shown below.

# implement SSH login function

Stelnet serverenable / / enable SSH login feature

Undo ssh servercompatible-ssh2x enable / / only versions above SSH2.0 are allowed

Sshauthentication-type default password / / uses password authentication by default

Ssh user abc / / create a new user abc

Ssh user abcauthentication-type password / / user abc uses password authentication

Ssh user abc service-typestelnet / / user abc uses the SSH login type

User abc must specify a login type

Note: there are two cases of SSH password

1. Password is used by default, such as ssh authentication-type default password. When new users are added without sshuser, the system uses AAA authentication by default. It will find the corresponding user name and password and service-type under aaa.

2. New users, such as ssh user abc, must specify its service-type instead of the same command under aaa, and the password will be looked up under aaa.

See a password command water is very deep, know the difference between them will not produce garbage configuration.

About the priority of SSH:

If the authentication method selected by the access user is password authentication, the user priority is the user priority set in AAA.

2.2.2.The configuration of SW2 as Client

Stelnetserver enable / / enable SSH service

Sshclient first-time enable / / only Client needs to configure this command, otherwise when Client logs in for the first time, it will fail because it does not have the public key of Server.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.