ENSP配置华为路由器配置SSH登陆

 

拓扑如图所示,R1作为SSH 客户端;R2作为SSH服务器

配置R1 接口IP地址
[R1]interface G0/0/0

[R1-GigabitEthernet0/0/0]IP address 192.168.12.1 24

配置R2 接口IP地址

[R2]interface G0/0/0

[R2-GigabitEthernet0/0/0]IP address 192.168.12.2 24

测试连通性

[R1]PING 192.168.12.2
  PING 192.168.12.2: 56  data bytes, press CTRL_C to break
    Reply from 192.168.12.2: bytes=56 Sequence=1 ttl=255 time=60 ms
   

R2全局开启SSH服务器

[R2]stelnet server enable 

R2 VTY接口允许SSH协议;配置认证方式为AAA

[R2]user-interface vty 0 4

[R2-ui-vty0-4]protocol inbound all 

[R2-ui-vty0-4]authentication-mode aaa

AAA模式下新建SSH用户;配置用户级别;服务类型

[R2-ui-vty0-4]authentication-mode aaa

[R2-aaa]local-user huawei password cipher huawei;123

[R2-aaa]local-user huawei privilege level 15

[R2-aaa]local-user huawei service-type ssh

全局模式下添加本地密钥对;密钥对大小值采用默认

[R2]rsa local-key-pair create 

The range of public key size is (512 ~ 2048).

R1测试登陆前允许ssh客户端初次启用

[R1]ssh client first-time enable 

R1登陆SSH;输入用户名;接收R2发送的公钥

[R1]stelnet 192.168.12.2

Please input the username:huawei

The server is not authenticated. Continue to access it? (y/n)[n]:y

Save the server;s public key? (y/n)[n]:y

输入密码;登陆成功

[R1]
Enter password:
<R2>