2025-04-10 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Scenario: a PC authenticates to a router over SSH with an RSA key
1. Configure the DHCP server and the PC's IP address (a virtual machine stands in for the PC)
interface GigabitEthernet0/0/0
ip address 192.168.100.254 255.255.255.0
dhcp select interface
dhcp server excluded-ip-address 192.168.100.1 192.168.100.10
dhcp server excluded-ip-address 192.168.100.200 192.168.100.253
dhcp server lease day 0 hour 1 minute 0
dhcp server dns-list 221.11.132.2 221.11.132.3
dhcp server domain-name huawei.com
2. Enable authentication on the VTY user interfaces
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound ssh
user-interface vty 16 20
3. Enable AAA authentication
[ar1] aaa
[ar1-aaa] local-user root password cipher Admin@123 idle-timeout 20
[ar1-aaa] local-user root service-type ssh
4. Enable Stelnet service
[ar1] stelnet server enable
5. Generate the router's local RSA key pair
[ar1] rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus [default = 512]: 1024
Generating keys...
. +
. +
. +
. +
6. Generate the PC's RSA key pair on the virtual machine with PuTTY's key generator
6.1. The test uses a 1024-bit key; the bigger the better.
6.2. Use the SSH-2 RSA key type.
6.3. The key passphrase is a personal password required to use the key, so that other people with access to the machine cannot misuse it.
6.4. Save the public and private keys.
Name the public key public and the private key private.ppk. In this test both are saved on the desktop of the machine.
7. Convert the RSA public key format
PuTTY saves the RSA public key in OpenSSH format by default, which is not compatible with this Huawei router. High-end Huawei routers can change the accepted key type to OpenSSH format; the command is: rsa peer-public-key coding. Because the eNSP version is too old to support keys in OpenSSH format, the keys generated by PuTTY cannot be used directly.
Is it impossible, then, to test PC RSA login on eNSP? Of course not; why else would I be writing this today? I ran into this key conversion problem at the time, and I also thought of using openssl.exe to convert the format, but my ability with it is limited. The tool I am going to use today is sshkey.exe on Windows. Let's use it to convert the key format.
On the virtual machine, the sshkey.exe program is already on the desktop. Open it and select the previously saved public key file, public.
Copy the converted result (the text highlighted in blue) and keep it for the next step.
8. Save the public key of PC on the router
[ar1] rsa peer-public-key test
Enter "RSA public key" view, return system view with "peer-public-key end".
NOTE: The number of the bits of public key must be between 769 and 2048.
[ar1-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[ar1-rsa-key-code] 30818702 81810096D2F89370 C0218C76 72C465BD 9FEF853D
[ar1-rsa-key-code] 68266441 402C1E66A4A2735B 45006A16 99522B9F 8CAC3346
[ar1-rsa-key-code] BEC4AE9B 4D6675E009542394 85602340 C2245586 C78640CE
[ar1-rsa-key-code] 31231630 52BD73D6587D1D7E 73D53876 EE923DB2 C4A753CE
[ar1-rsa-key-code] 61520674 FFE735603FBFB3FD ED38794B 90EDA281 ED189231
[ar1-rsa-key-code] B8E24306 70D870DA0BC030BB 1EC6FF02 0125
[ar1-rsa-key-code] public-key-code end
[ar1-rsa-public-key] peer-public-key end
9. Assign the key to the router user and set the user to RSA authentication
[ar1] ssh user root assign rsa-key test
[ar1] ssh user root authentication-type rsa
10. Verify RSA login to the router from the virtual machine
10.1. Open PuTTY on the virtual machine and enter the router's IP address.
10.2. Authenticate with the private key generated earlier in PuTTY; select the private.ppk file saved in step 6.4.
10.3. During authentication, you will be prompted to save the router's public key; click "Yes".
10.4. The login succeeds.
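The key code pasted in step 8 begins 30 81 87 02 81 81 00 and ends 02 01 25, which is a DER SEQUENCE of two INTEGERs (modulus, then exponent). The following Python is an added example, not the sshkey.exe tool or code from the original article, showing one way to produce that form for step 7; it assumes the input is the one-line "ssh-rsa <base64>" public key and that the router expects this DER as hex words. SAMPLE is a constructed placeholder, not a real key.

```python
import base64

def _read_field(buf, off):
    """Read one SSH wire-format field: uint32 length, then that many bytes."""
    size = int.from_bytes(buf[off:off + 4], "big")
    end = off + 4 + size
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated SSH public key blob")
    return buf[off + 4:end], end

def _der_len(size):
    """DER length octets: short form below 128, long form otherwise."""
    if size < 0x80:
        return bytes([size])
    body = size.to_bytes((size.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_int(value):
    """DER INTEGER; sizing with '// 8 + 1' keeps the sign bit clear."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + _der_len(len(raw)) + raw

def openssh_rsa_to_der_hex(line):
    """'ssh-rsa <base64> [comment]' -> DER RSAPublicKey as 8-digit hex words."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    algo, off = _read_field(blob, 0)
    e_raw, off = _read_field(blob, off)
    n_raw, off = _read_field(blob, off)
    if algo != b"ssh-rsa" or off != len(blob):
        raise ValueError("malformed ssh-rsa blob")
    e, n = int.from_bytes(e_raw, "big"), int.from_bytes(n_raw, "big")
    if not 769 <= n.bit_length() <= 2048:  # range the router prints in step 8
        raise ValueError("modulus outside the 769-2048 bit range")
    body = _der_int(n) + _der_int(e)  # SEQUENCE { modulus, publicExponent }
    hexed = (b"\x30" + _der_len(len(body)) + body).hex().upper()
    return " ".join(hexed[i:i + 8] for i in range(0, len(hexed), 8))

def _field(data):
    return len(data).to_bytes(4, "big") + data

# Constructed sample, not a real key: 1024-bit placeholder modulus, e = 37.
_N = ((1 << 1023) | 1).to_bytes(129, "big")
SAMPLE = "ssh-rsa " + base64.b64encode(
    _field(b"ssh-rsa") + _field(b"\x25") + _field(_N)).decode() + " constructed"

if __name__ == "__main__":
    print(openssh_rsa_to_der_hex(SAMPLE))
```

For a 1024-bit key with exponent 37 the output has the same length and the same 30818702 header as the key code in step 8, so a converted key can be checked against that shape before it is pasted into the router.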