gelianchen
Posted on 2018-3-15 09:14:07
66666666666666
无情的岁月
Posted on 2018-3-15 10:07:11
Thanks to the OP for sharing
ligeqing1987
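Posted on 2018-3-15 10:44:57
1. First generate a key pair with the chosen encryption algorithm. It is used to encrypt and protect data in transit, and it is stored on the switch but not in the configuration file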
rsa local-key-pair create
or
dsa local-key-pair create
Example:
rsa local-key-pair create
The key name will be: Huawei_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus:1024 # set the key size in bits
Generating keys...
.................................................++++++
.++++++
............++++++++
..............................++++++++
# After logging in to the SSH server, the client is automatically given the key
2. Enable the SSH (stelnet) server function on the device
stelnet server enable
3. Create an SSH user and specify its login authentication type
ssh user sshtest authentication-type ?
all Any authentication mode, any one of password, RSA, and DSA
dsa DSA authentication
password Password authentication
password-dsa Both password and DSA authentication modes
password-rsa Both password and RSA authentication modes
rsa RSA authentication
4. Set the service type of the SSH user
ssh user sshtest service-type ?
all Set all service type
sftp Set SFTP service type
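stelnet Set Stelnet service type
When authenticating with password, password-dsa, or password-rsa, a local user with the same name must be created in the AAA view, and its service type and level must be set
5. Configuration reference: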
local-user sshtest password cipher 123456
local-user sshtest service-type ssh
local-user sshtest privilege level 3
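When authenticating with DSA or RSA, a local RSA or DSA key pair must be generated on both the server and the client, and each side must configure the other side's public key locally.
The specific configuration follows; it is rarely used in practice
6. Configure the peer RSA or DSA public key name and enter the public key editing view (RSA as the example)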
rsa peer-public-key 001
Enter "RSA public key" view, return system view with "peer-public-key end".
7. Begin entering the public key
public-key-code begin
A8268E05 56254CD1 D73FA4C6 2356FFFC 0567C814
5EB8CE45 83B18D2A 9A90B558 0A260DD5 49B4CA18
……………………….
8. Finish editing the public key and exit back to the public key view
public-key-code end
9. Return to the system view
peer-public-key end
10. Assign the existing public key to the user
ssh user user-name assign rsa-key 001
-----------Optional configuration-------------
1. Optional SSH server configuration
ssh server ?
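authentication-retries Set the authentication times # number of SSH login retries, to prevent illegitimate logins
compatible-ssh1x Set the compatible ssh1x # make SSH compatible with lower versions of the SSH protocol
port Set the port attribute # change the SSH server port (default 22)
rekey-interval Set the interval generated by the SSH sever key # configure the update interval of the SSH key
timeout Set the authentication timeout # set the SSH authentication timeout (disconnect if login has not succeeded within this time)
ssh server authentication-retries
2. Configure command-line authorization for the specified SSH user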
ssh user xia authorization-cmd aaa
===================================
1. View the public key part of the local key pair
display rsa local-key-pair public
=====================================================
Time of Key pair created: 10:35:36 2015/9/23
Key name: Huawei_Host
Key type: RSA encryption Key
=====================================================
Key code:
Host public key for PEM format code:
Public key code for pasting into OpenSSH authorized_keys file :
=====================================================
Time of Key pair created: 10:35:36 2015/9/23
Key name: Huawei_Server
Key type: RSA encryption Key
=====================================================
Key code:
2. Display SSH (stelnet) related information
display ssh ?
server SSH server information
server-info Display server information
user-information SSH user information
----------------
display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval:0 hours
SSH authentication retries :3 times
SFTP server :Disable
Stelnet server :Enable
Scp server :Disable
SSH server source :0.0.0.0
display ssh server session
display ssh server ?
session Server session
status Server state
display ssh server-info
Server Name(IP) Server Public Key Type Server public key name
______________________________________________________________________________
display ssh user-information ?
STRING<1-64> The specified user name
| Matching output
<cr>
display ssh user-information
User 1:
User Name : sshtest
Authentication-type: password
User-public-key-name : -
User-public-key-type : -
Sftp-directory : -
Service-type : stelnet
Authorization-cmd : No
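The settings shown in the post above (SSH version 1.99, a 1024-bit modulus, `password cipher 123456`, privilege level 3) can be checked from a defender's side with a small audit script. This is an added example, not part of the original post and not Huawei tooling; the function names, the finding labels, the weak-password list and the 2048-bit threshold are assumptions, and the sample inputs are constructed in the shape the post shows.

```python
import re

# Constructed samples in the shape of the post's status output and AAA config.
SAMPLE_STATUS = """\
SSH version :1.99
SSH connection timeout :60 seconds
SSH authentication retries :3 times
Stelnet server :Enable
"""
SAMPLE_CONFIG = """\
local-user sshtest password cipher 123456
local-user sshtest service-type ssh
local-user sshtest privilege level 3
"""
SAMPLE_KEY_BITS = 1024  # value typed at the "Input the bits in the modulus" prompt

WEAK_PASSWORDS = {"123456", "admin", "password", "huawei"}  # illustrative list (assumption)
MIN_RSA_BITS = 2048  # assumed policy threshold


def parse_status(text):
    """Split 'name :value' lines into a dict keyed by the lower-cased name."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().lower()] = value.strip()
    return fields


def audit(status_text, config_text, key_bits):
    """Return a list of finding labels for the weak settings present."""
    findings = []
    status = parse_status(status_text)
    # Protocol version 1.99 advertises that SSH-1 clients are still accepted (RFC 4253, 5.1).
    if status.get("ssh version") == "1.99":
        findings.append("ssh1-compat-enabled")
    if key_bits < MIN_RSA_BITS:
        findings.append("rsa-modulus-below-2048")
    for m in re.finditer(r"^local-user (\S+) password cipher (\S+)$", config_text, re.M):
        if m.group(2).lower() in WEAK_PASSWORDS:
            findings.append(f"weak-password:{m.group(1)}")
    for m in re.finditer(r"^local-user (\S+) privilege level (\d+)$", config_text, re.M):
        if int(m.group(2)) >= 3:  # level 3 and above can run management-level commands
            findings.append(f"management-privilege:{m.group(1)}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_STATUS, SAMPLE_CONFIG, SAMPLE_KEY_BITS):
        print(finding)
```
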
Echo、海棠
Posted on 2018-3-15 12:30:26
Learning, learning, learning
240539631
Posted on 2018-3-16 10:48:46
Good stuff, thanks to the OP for sharing
zhang215
Posted on 2018-3-16 18:52:46
Thanks to the OP for sharing
yourcooper
Posted on 2018-3-16 21:41:52
Thanks for sharing. Let me see how it is
小cat
Posted on 2018-3-17 10:16:12
Thanks for sharing
克尔兰微倪
Posted on 2018-3-19 06:29:05
Taking a look, hope I can use it
liu116114
Posted on 2018-3-19 10:41:19
Thanks for sharing, taking a look
xiaoding11
Posted on 2018-3-19 10:52:05
{:6_267:}
woaiqwehhlt
Posted on 2018-3-19 11:03:56
One word: good
sy30..
Posted on 2018-3-19 11:13:48
Let me see how it is
athenbean
Posted on 2018-3-19 12:55:09
1111111111111
aks990
Posted on 2018-3-19 20:06:23
Thanks for sharing~