实验目的:
理解SSH的应用场景
理解SSH协议的原理
掌握配置SSH Password认证方法
掌握SFTP的配置
[R2]ssh user huawei1 au [R2]ssh user huawei1 authentication-type pa [R2]ssh user huawei1 authentication-type password Error: Username does not exist [R2]ssh ? client Set SSH client attribute server Specify the server attribute user SSH user [R2]ssh us [R2]ssh user huawei au [R2]ssh user huawei authentication-type pa [R2]ssh user huawei authentication-type password Authentication type setted, and will be in effect next time [R2]s? set <Group> set command group sftp <Group> sftp command group shutdown Shutdown smart-policy-route Smart Policy Route snmp-agent <Group> snmp-agent command group ssh Specify SSH (secure shell) configuration information ssl SSL sslvpn <Group> sslvpn command group standby Specify DCC(Dial-Control-Center) configuration information static-cr-lsp Static CR-LSP configuration static-lsp Static LSP configuration stelnet <Group> stelnet command group stp Specify Spanning Tree Protocol (STP) configuration information super Modify super password parameters sysname Set the host name [R2]st [R2]ste [R2]stelnet ? STRING<1-255> IP address or host name of a remote system -a Set the source IP address of SSH packets server Set Stelnet server [R2]stelnet se [R2]stelnet server ? enable Enable Stelnet server [R2]stelnet server en [R2]stelnet server enable Info: Succeeded in starting the STELNET server. [R2]disp [R2]display ss [R2]display ssh us [R2]display ssh user-information huawei ------------------------------------------------------------------------------- Username Auth-type User-public-key-name ------------------------------------------------------------------------------- huawei password null ------------------------------------------------------------------------------- [R2]disp [R2]display ssh ser [R2]display ssh server ? session Server session status Server state [R2]display ssh server st [R2]display ssh server status SSH version :1.99 SSH connection timeout :60 seconds SSH server key generating interval :0 hours SSH Authentication retries :3 times SFTP Server :Disable Stelnet server :Enable [R2] [R2] [R2]disp [R2]display ? Cellular Cellular interface aaa AAA access-user User access accounting-scheme Accounting scheme acl <Group> acl command group actual Current actual adp-ipv4 Ipv4 information adp-mpls Adp-mpls module alarm Alarm antenna Current antenna that outputting radio anti-attack Specify anti-attack configurations ap <Group> ap command group ap-auth-mode Display AP authentication mode ap-elabel Electronic label ap-license AP license config ap-performance-statistic Display AP performance statistic information ap-profile Display AP profile information ap-region Display AP region information ap-run-info Display AP run information ap-type Display AP type information ap-update AP update ap-whitelist AP white list apv2r3 PAF(Product Adaptive File) arp <Group> arp command group [R2]display s [R2]display ss [R2]display ssh ? server SSH server information user-information SSH user information [R2]display ssh ser [R2]display ssh server ? session Server session status Server state [R2]display ssh server sess [R2]display ssh server session -------------------------------------------------------------------- Conn Ver Encry State Auth-type Username -------------------------------------------------------------------- VTY 0 2.0 AES run password huawei -------------------------------------------------------------------- [R2] [R2]aa [R2]aaa [R2-aaa]loc [R2-aaa]local-user huawei2 pa [R2-aaa]local-user huawei2 password ? cipher User password with cipher text [R2-aaa]local-user huawei2 password cip [R2-aaa]local-user huawei2 password cipher huawei123 Info: Add a new user. [R2-aaa]loc [R2-aaa]local-user hua [R2-aaa]local-user huawei2 ? access-limit Set access limit of user(s) ftp-directory Set user(s) FTP directory permitted idle-timeout Set the timeout period for terminal user(s) password Set password privilege Set admin user(s) level service-type Service types for authorized user(s) state Activate/Block the user(s) user-group User group [R2-aaa]local-user huawei2 ser [R2-aaa]local-user huawei2 service-type ss [R2-aaa]local-user huawei2 service-type ssh [R2-aaa]loc [R2-aaa]local-user hua [R2-aaa]local-user huawei2 p [R2-aaa]local-user huawei2 ? access-limit Set access limit of user(s) ftp-directory Set user(s) FTP directory permitted idle-timeout Set the timeout period for terminal user(s) password Set password privilege Set admin user(s) level service-type Service types for authorized user(s) state Activate/Block the user(s) user-group User group [R2-aaa]local-user huawei2 pr [R2-aaa]local-user huawei2 privilege ? level Set admin user(s) level [R2-aaa]local-user huawei2 privilege le [R2-aaa]local-user huawei2 privilege level 3 [R2-aaa]loc [R2-aaa]local-user ua [R2-aaa]local-user hua [R2-aaa]local-user huawei2 [R2-aaa]local-user huawei2 ? access-limit Set access limit of user(s) ftp-directory Set user(s) FTP directory permitted idle-timeout Set the timeout period for terminal user(s) password Set password privilege Set admin user(s) level service-type Service types for authorized user(s) state Activate/Block the user(s) user-group User group [R2-aaa]local-user huawei2 ft [R2-aaa]local-user huawei2 ftp-directory fl [R2-aaa]local-user huawei2 ftp-directory flash: [R2-aaa]quit [R2]ssh hua [R2]ssh huawei2 au [R2]ssh huawei2 au [R2]ss [R2]ssh us [R2]ssh user huawei2 ? assign Specify the key authentication-type Authentication type [R2]ssh user huawei2 au [R2]ssh user huawei2 authentication-type pa [R2]ssh user huawei2 authentication-type password Authentication type setted, and will be in effect next time [R2]sft [R2]sftp ser [R2]sftp server en [R2]sftp server enable Info: Succeeded in starting the SFTP server. [R2]disp [R2]display s [R2]display saved-configuration [R2]display ss [R2]display ssh [R2]display ssh se [R2]display ssh server sta [R2]display ssh server status SSH version :1.99 SSH connection timeout :60 seconds SSH server key generating interval :0 hours SSH Authentication retries :3 times SFTP Server :Enable Stelnet server :Enable [R2] [R2] [R2]disp [R2]display ss [R2]display ssh se [R2]display ssh server ses [R2]display ssh server session -------------------------------------------------------------------- Conn Ver Encry State Auth-type Username -------------------------------------------------------------------- VTY 0 2.0 AES run password huawei2 -------------------------------------------------------------------- [R2] Please check whether system data has been changed, and save data in time Configuration console time out, please press any key to log on
The device is running! <Huawei> Oct 24 2018 13:47:13-08:00 Huawei %%01IFPDT/4/IF_STATE(l)[0]:Interface GigabitEt hernet0/0/0 has turned into UP state. <Huawei>sys <Huawei>system-view Enter system view, return user view with Ctrl+Z. [Huawei]sys [Huawei]sysname ^ Error:Incomplete command found at '^' position. [Huawei]sys [Huawei]sysname R1 [R1]int [R1]interface g0/0/0 [R1-GigabitEthernet0/0/0]ip add 10.1.1.1 ^ Error:Incomplete command found at '^' position. [R1-GigabitEthernet0/0/0]ip add 10.1.1.1 24 Oct 24 2018 13:48:22-08:00 R1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. [R1-GigabitEthernet0/0/0]quit [R1]disp [R1]display ip int [R1]display ip interface br [R1]display ip interface brief *down: administratively down ^down: standby (l): loopback (s): spoofing The number of interface that is UP in Physical is 2 The number of interface that is DOWN in Physical is 2 The number of interface that is UP in Protocol is 2 The number of interface that is DOWN in Protocol is 2 Interface IP Address/Mask Physical Protocol GigabitEthernet0/0/0 10.1.1.1/24 up up GigabitEthernet0/0/1 unassigned down down GigabitEthernet0/0/2 unassigned down down NULL0 unassigned up up(s) [R1] [R1] [R1]ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=150 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=20 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=20 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=30 ms --- 10.1.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 20/48/150 ms [R1] Please check whether system data has been changed, and save data in time Configuration console time out, please press any key to log on <R1> <R1>sy <R1>system-view Enter system view, return user view with Ctrl+Z. [R1]ss [R1]ssh ? client Set SSH client attribute server Specify the server attribute user SSH user [R1]ssh cl [R1]ssh client ? STRING<1-64> Specify SSH server IP address or name first-time Set SSH client attribute of authenticating user for the first time access. [R1]ssh client fi [R1]ssh client first-time ? enable Enable authentication for first time access. [R1]ssh client first-time en [R1]ssh client first-time enable [R1]ste [R1]stelnet 10.1.1.2 Please input the username:huawei Trying 10.1.1.2 ... Press CTRL+K to abort Connected to 10.1.1.2 ... The server is not authenticated. Continue to access it? (y/n)[n]:y Oct 24 2018 14:04:53-08:00 R1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server ha d not been authenticated in the process of exchanging keys. When deciding whethe r to continue, the user chose Y. [R1] Save the server's public key? (y/n)[n]:y The server's public key will be saved with the name 10.1.1.2. Please wait... Oct 24 2018 14:05:04-08:00 R1 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding wheth er to save the server's public key 10.1.1.2, the user chose Y. [R1] Enter password: <R2>disp <R2>display ss <R2>display ss <R2>display ? l2tp-group PPP packet debugging functions <R2>sys <R2>sys <R2> Configuration console time out, please retry to log on [R1] [R1] [R1]sft [R1]sftp 10.1.1.2 Please input the username:huawei2 Trying 10.1.1.2 ... Press CTRL+K to abort Enter password: sftp-client>