【原创】H3C S6850交换机开启远程登录

不认证

interface Vlan-interface 1
 ip address 192.168.56.2 24

telnet server enable
line vty 0 4
authentication-mode none

注意：ssh 无效

只用密码登录

interface Vlan-interface 1
 ip address 192.168.56.2 24

telnet server enable

line vty 0 4
authentication-mode password
set authentication password simple [email protected] 

注意：ssh 无效

用户密码登录

interface Vlan-interface 1
 ip address 192.168.56.2 24
 
telnet server enable
ssh server enable

line vty 0 4
authentication-mode scheme

local-user user1 class manage
password simple [email protected]
service-type telnet
service-type ssh

Radius登录

interface Vlan-interface 1
 ip address 192.168.56.2 24
 
telnet server enable
ssh server enable

line vty 0 4
 authentication-mode scheme

radius scheme freeradius
 primary authentication 192.168.56.4 key simple testing123
 user-name-format without-domain

domain system
#domain name system
 authentication login radius-scheme freeradius local
 authorization login radius-scheme freeradius local
 accounting default none

role default-role  enable network-admin

注意：这里在Radius服务器上统一设置账号密码

SSH 无密码登录

创建RAS密码对

ssh-keygen -t rsa -b 2048

交换机设置

interface Vlan-interface 1
 ip address 192.168.56.2 24
 
ftp server enable
ssh server enable

line vty 0 4
 authentication-mode scheme

local-user user1 class manage
password simple [email protected]
service-type ftp
authorization-attribute work-directory flash:/
authorization-attribute user-role network-admin

上传公钥

ftp 192.168.56.2
user1 
[email protected]
bin
put .ssh/id_rsa.pub

交换机上导入公钥

public-key local create rsa name hostkey
2048
public-key peer id_rsa import sshkey id_rsa.pub

创建公钥用户

local-user user2
service-type ssh
authorization-attribute user-role network-admin

ssh user user2 service-type all authentication-type publickey assign publickey id_rsa 
no ftp server enable

查看

display ssh user-information
display public-key peer brief

password-control length 4