Lab steps:
1. Basic configuration
2. Configure the SSH server
3. Configure the SSH client
4. Configure the SFTP server and client
The device is running!
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysname r2
[r2]interface g0/0/0
[r2-GigabitEthernet0/0/0]ip add 10.1.1.2 24
[r2-GigabitEthernet0/0/0]quit
[r2]quit
<r2>ping 10.1.1.1
  PING 10.1.1.1: 56 data bytes, press CTRL_C to break
    Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=120 ms
    Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=20 ms
    Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms
    Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms
  --- 10.1.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/40/120 ms
<r2>system-view
[r2]rsa local-key-pair create //generate the key pair with the RSA algorithm
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:display rsa local-pair public
% Invalid number, the range is (512 ~ 2048).
[r2]in en
Info: Information center is enabled.
[r2]display rsa local-key-pair public //view the public key
=====================================================
Time of Key pair created: 2007-08-25 16:35:02-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
  0240
    C974420D DD712C58 36A67819 362FEB9C 9C17E326
    24101B32 C272F9C9 E3CD06EB C2C73F7C BC89A0E0
    994995EF 7885F359 57B25237 3D441556 A050F823
    6087E121
  0203
    010001
=====================================================
Time of Key pair created: 2007-08-25 17:11:59-08:00
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
  0260
    C1102C7B 2CAB4FAB CD7DCD2C 32D0CCE6 8B995872
    2AD83815 39F82B8F 2680B89C A02A8A92 655894E7
    48B382E7 B17616E5 01C1B8ED 1D5C7CC3 FFF7453F
    E0304E50 D4DBE481 E3CDF7E1 6665569A AC5DEBAE
    DC7B048B B954F568 1432935B 92AADCB5
  0203
    010001
[r2]user-interface vty 0 4 //enter the user interface view
[r2-ui-vty0-4]authentication-mode aaa //authentication mode
[r2-ui-vty0-4]protocol inbound ssh //SSH protocol
[r2-ui-vty0-4]quit
[r2]aaa //enter AAA mode to configure authentication and authorization
[r2-aaa]local-user admin password cipher hello //create user admin with password hello
[r2-aaa]local-user admin service-type ssh //service type for admin is SSH
[r2-aaa]quit
[r2]ssh user admin authentication-type password //SSH user admin authenticates by password
Authentication type setted, and will be in effect next time
[r2]aaa
[r2-aaa]local-user admin privilege level 4 //set the user level to 4
[r2-aaa]quit
[r2]stelnet server enable //enable STelnet
Info: Succeeded in starting the STELNET server.
[r2]display ssh user-information admin //view the SSH authentication for admin
-------------------------------------------------------------------------------
Username         Auth-type          User-public-key-name
-------------------------------------------------------------------------------
admin            password           null
-------------------------------------------------------------------------------
[r2]display ssh server status
SSH version                         :1.99
SSH connection timeout              :60 seconds
SSH server key generating interval  :0 hours
SSH Authentication retries          :3 times
SFTP Server                         :Disable
Stelnet server                      :Enable
[r2]aaa
[r2-aaa]local-user huawei password cipher huawei
Info: Add a new user.
[r2-aaa]local-user huawei service-type ssh
[r2-aaa]local-user huawei privilege level 3
[r2-aaa]local-user huawei ftp-directory flash; //set the directory
[r2-aaa]ssh user huawei authentication-type password
Authentication type setted, and will be in effect next time
[r2]sftp server enable
Info: Succeeded in starting the SFTP server.
[r2]display ssh server status
SSH version                         :1.99
SSH connection timeout              :60 seconds
SSH server key generating interval  :0 hours
SSH Authentication retries          :3 times
SFTP Server                         :Enable
Stelnet server                      :Enable
[r2]
[r2]aaa
[r2-aaa]local-user huawei ftp-directory flash:
[r2-aaa]quit
[r2]display ssh server session
--------------------------------------------------------------------
Conn   Ver   Encry   State  Auth-type  Username
--------------------------------------------------------------------
VTY 0  2.0   AES     run    password   huawei
--------------------------------------------------------------------
[r2]

The device is running!
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysname r1
[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]ip add 10.1.1.1 24
[r1-GigabitEthernet0/0/0]Quit
[r1]ssh client first-time enable //first run of the SSH client
[r1]stelnet 10.1.1.2
Please input the username:admin
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 10.1.1.2. Please wait...
Enter password:
<r2>sys
Enter system view, return user view with Ctrl+Z.
[r2]display ssh server session //view the session connections
--------------------------------------------------------------------
Conn   Ver   Encry   State  Auth-type  Username
--------------------------------------------------------------------
VTY 0  2.0   AES     run    password   admin
--------------------------------------------------------------------
[r2]quit
<r2>quit
Configuration console exit, please retry to log on
[r1]sftp 10.1.1.2
Please input the username:huawei
Trying 10.1.1.2 ...
Press CTRL+K to abort
Enter password:
sftp-client>
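
The "Key code" printed by `display rsa local-key-pair public` above is a hex dump of a SEQUENCE holding two INTEGERs (modulus, public exponent), so the key size actually in use can be checked offline; this matters here because the modulus prompt in the session did not receive a valid size. The script below is an added example, not part of the original lab: the hex is copied from the output above, and the 2048-bit floor and the function names are assumptions.

```python
MIN_BITS = 2048  # assumed policy floor, not a value from the lab

# "Key code" values copied from the display output above.
HOST_KEY = """3047 0240 C974420D DD712C58 36A67819 362FEB9C 9C17E326 24101B32
C272F9C9 E3CD06EB C2C73F7C BC89A0E0 994995EF 7885F359 57B25237 3D441556
A050F823 6087E121 0203 010001"""
SERVER_KEY = """3067 0260 C1102C7B 2CAB4FAB CD7DCD2C 32D0CCE6 8B995872 2AD83815
39F82B8F 2680B89C A02A8A92 655894E7 48B382E7 B17616E5 01C1B8ED 1D5C7CC3
FFF7453F E0304E50 D4DBE481 E3CDF7E1 6665569A AC5DEBAE DC7B048B B954F568
1432935B 92AADCB5 0203 010001"""

def read_tlv(buf, pos, tag):
    """Read one DER tag-length-value at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("value runs past end of data")
    return buf[pos:pos + length], pos + length

def parse_key_code(text):
    """Decode a hex 'Key code' dump into (modulus, public_exponent)."""
    der = bytes.fromhex("".join(text.split()))
    body, end = read_tlv(der, 0, 0x30)         # SEQUENCE
    modulus, pos = read_tlv(body, 0, 0x02)     # INTEGER n
    exponent, pos = read_tlv(body, pos, 0x02)  # INTEGER e
    if end != len(der) or pos != len(body):
        raise ValueError("unexpected trailing bytes")
    # The dump above has no leading 0x00 sign byte, so decode as unsigned.
    return int.from_bytes(modulus, "big"), int.from_bytes(exponent, "big")

def audit(name, text, min_bits=MIN_BITS):
    """Report the modulus size of one key and whether it is below the floor."""
    n, e = parse_key_code(text)
    return {"key": name, "bits": n.bit_length(), "exponent": e,
            "weak": n.bit_length() < min_bits}

if __name__ == "__main__":
    for name, text in (("Host", HOST_KEY), ("Server", SERVER_KEY)):
        print(audit(name, text))
```

Run against the two keys above it reports 512 and 768 bits, both under the floor; the long-form length branch is what lets the same parser read a 2048-bit key.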