方法一
处理过程:
1、生成本地密钥对。
[T-switch-B]rsa local-key-pair create
The key name will be: T-switch-B_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
输入1000,注意该值需要大于768,否则用ssh登录时会出现下面的错误,但是指导书中没写明白。
usm:~ # ssh 192.168.20.91
The authenticity of host '192.168.20.91 (192.168.20.91)' can't be established.
RSA key fingerprint is 92:dc:1e:90:76:b6:77:50:1f:79:e0:01:d5:a4:17:55.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.20.91' (RSA) to the list of known hosts.
ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key
2、创建ssh用户和密码
[T-switch-B]user-interface vty 0 4
[T-switch-B-ui-vty0-4]authentication-mode aaa
[T-switch-B-ui-vty0-4]protocol inbound ssh
[T-switch-B-ui-vty0-4]ssh user huawei authentication-type password
[T-switch-B-ui-vty0-4]q
[T-switch-B]ssh user huawei service-type stelnet
[T-switch-B-ui-vty0-4]q
[T-switch-B]aaa
[T-switch-B-aaa]local-user huawei password simple huawei
[T-switch-B-aaa]local-user huawei service-type ssh
3、使能stelnet服务
[T-switch-B]stelnet server enable
方法二
适用产品和版本适用于VRP5.30及以后的版本。
配置步骤步骤 1    生成本地密钥对
<Quidway> system-view
[Quidway] rsa local-key-pair create
The key name will be: Quidway_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
.......++++++++++++
..........++++++++++++
...................................++++++++
.
.....++++++++
步骤 2    创建SSH用户
说明
如果SSH用户的认证方式为password,必须配置同名的local-user用户:
# 配置VTY用户界面
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode aaa
[Quidway-ui-vty0-4] protocol inbound ssh
[Quidway-ui-vty0-4] quit
# 新建用户名为Client001的SSH用户,且认证方式为password。
<Quidway> system-view
[Quidway] ssh user client001 authentication-type password
# 为SSH用户Client001配置密码为huawei。
[Quidway] aaa
[Quidway-aaa]local-user client001 password simple huawei
ssh命令行[Quidway-aaa]local-user client001 service-type ssh
说明
SSH的验证超时时间、重试次数以及服务器密钥更新时间可以采取系统默认值。这些配置完成以后,您就可以在其它与路由器连接的终端上,运行支持SSH1.5的客户端软件,以用户名Client001,密码huawei,访问路由器了。
步骤 3    在终端上运行支持SSH1.5的客户端软件,访问路由器
从支持SSH1.5的客户端软件访问路由器
方法三
这个华为的SSH 配置要必
须要有
密钥生成
用户密码
SSH伪证及其服务开启
rsa peer-public-key aaa
public-key-code begin
3047
0240
9C3A11B1 8518AC22 6B9FDCD3 BEF32C71 BB3DD46A 061B905E 30C57368 CE2F4490
18360FDB 092A9590 A62F2A7C 48222F94 F17FC25E C121BFCE 5FDACAA0 8DF75FA5
0203
010001
public-key-code end
peer-public-key end
aaa
local-user test password simple text.aaa
local-user testt service-type telnet ssh
local-user test level 15
authentication-scheme defaul
stelnet server enable
ssh user test
ssh user test authentication-type password
ssh user test service-type stelnet

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。