Configuring STelnet login on Huawei network equipment

STelnet overview

STelnet is short for Secure Telnet. It provides a secure Telnet service for network terminal access through user authentication and two-way data encryption.

SSH is a network security protocol that provides secure remote login and other security services by encrypting data. Its encrypted data transmission and authentication mechanisms ensure security, so it can replace Telnet. It is widely used and is one of the important network protocols today.

SSH transmits data over TCP port 22 and supports password authentication. The user terminal sends a password authentication request to the server, encrypting the user name and password before sending them. The server decrypts the information to obtain the plaintext user name and password, compares them with the user name and password saved on the device, and returns a message indicating whether authentication succeeded or failed.

SFTP stands for SSH File Transfer Protocol. The server provides a secure network file transfer service through user authentication and two-way data encryption.

SSH simulation experiment

Router R1 emulates a PC and acts as the SSH client; router R2 acts as the SSH server. The experiment emulates a remote user on R1 logging in to router R2 over SSH to configure it.

Experimental topology


STelnet login configuration experiment

R1

Configure the client
<Huawei>u t m
<Huawei>system-view 
[Huawei]sys R1
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]ip add 10.1.1.1 24
[R1-GigabitEthernet0/0/0]quit
[R1]ssh client first-time enable  /Configure the server first, then the client
[R1]stelnet 10.1.1.254            /Connect afterwards

R2

The first step in setting up SSH login is to generate a local RSA key pair (once saved, it is not lost after a restart). On the VTY user interface, set the login authentication mode to aaa and specify that the VTY user interfaces accept only the SSH protocol (Telnet is closed). Use local-user to create a local user with a ciphertext password (admin / admin), set the local user's access type to ssh, and set its privilege level to 3 (administrator level; the range is 0 to 15). The SSH service is disabled by default and must be enabled.

Configure the server
<Huawei>u t m
<Huawei>system-view 
[Huawei]sys R2
[R2]interface g0/0/0
[R2-GigabitEthernet0/0/0]ip add 10.1.1.254 24
[R2-GigabitEthernet0/0/0]quit
#
[R2]rsa local-key-pair create 
[R2]display rsa local-key-pair public  /View the public key of the local key pair
#
[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode aaa
[R2-ui-vty0-4]protocol inbound ssh
[R2-ui-vty0-4]quit
#
[R2]aaa
[R2-aaa]local-user admin password cipher admin
[R2-aaa]local-user admin service-type ssh
[R2-aaa]local-user admin privilege level 3
[R2-aaa]quit
[R2]stelnet server enable
#
[R2]display ssh user-information admin /View the SSH user configuration
[R2]display ssh server status   /View the server's global configuration

Client login to the server

[R1]stelnet 10.1.1.254


Configure SFTP Server and Client

In the AAA view on R2, create the user admin2 with the password admin2, set the local user's access type to ssh and its privilege level to 3, and specify the directory the FTP user can access (if it is not configured, the default is empty and the FTP user cannot log in). Then create the SSH user admin2, set its authentication method to password, and enable SFTP.

[R2]aaa
[R2-aaa]local-user admin2 password cipher admin2
[R2-aaa]local-user admin2 service-type ssh
[R2-aaa]local-user admin2 privilege level 3
[R2-aaa]local-user admin2 ftp-directory flash:
[R2-aaa]quit
[R2]ssh user admin2 authentication-type password
[R2]sftp server enable 

On AR1, log in and enter admin2 / admin2.

View the SSH session connection information on R2. You can see that admin2 has logged in.
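
The R2 settings from the STelnet and SFTP sections above can be checked before a command script is applied to a device. The Python check below is an added example, not code from the original article or from Huawei; the function name audit, the one-space indentation of sub-view commands and the sample script are assumptions. It also reports a password identical to the user name, which is how the lab accounts on this page are set.

```python
import re

# Constructed sample: the R2 commands from this page as a typed script,
# with sub-view commands indented one space (an assumed layout).
R2_COMMANDS = """\
rsa local-key-pair create
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
aaa
 local-user admin password cipher admin
 local-user admin service-type ssh
 local-user admin2 password cipher admin2
 local-user admin2 service-type ssh
 local-user admin2 ftp-directory flash:
stelnet server enable
ssh user admin2 authentication-type password
sftp server enable
"""

def audit(text):
    """Return sorted findings for a typed VRP command script (hypothetical helper)."""
    top, vty, users, view = set(), set(), {}, ""
    for raw in filter(str.strip, text.splitlines()):
        line = raw.strip()
        if not raw.startswith(" "):            # unindented: system-view command
            view = line
            top.add(line)
        elif view.startswith("user-interface vty"):
            vty.add(line)
        elif view == "aaa":
            m = re.match(r"local-user (\S+) (password cipher|service-type|ftp-directory) (.+)", line)
            if m:
                users.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    required = [(top, "rsa local-key-pair create"), (top, "stelnet server enable"),
                (vty, "authentication-mode aaa"), (vty, "protocol inbound ssh")]
    findings = {f"missing: {cmd}" for seen, cmd in required if cmd not in seen}
    for name, attrs in users.items():
        if attrs.get("password cipher") == name:
            findings.add(f"{name}: password equals user name")
        if "ssh" not in attrs.get("service-type", "").split():
            findings.add(f"{name}: service-type lacks ssh")
    if "sftp server enable" in top:            # SFTP users need an accessible directory
        for cmd in top:
            m = re.match(r"ssh user (\S+) authentication-type", cmd)
            if m and "ftp-directory" not in users.get(m.group(1), {}):
                findings.add(f"{m.group(1)}: SFTP user has no ftp-directory")
    return sorted(findings)
```

The check works on commands as typed, because a saved configuration no longer shows the password in the form it was entered.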

Reference: Huawei HCNA Experiment Guide


Origin blog.csdn.net/qq_39689711/article/details/105233669