Configuring system login via STelnet
Principle overview
Telnet lacks a secure authentication method and transmits data over TCP in plaintext, which poses serious security risks. It is no longer acceptable.
STelnet authenticates the user side and encrypts data in both directions, providing a secure Telnet service for terminals in a traditional network environment.
The "S" stands for SSH, which provides secure information protection and strong authentication. It uses port 22.
Experimental topology
Experimental steps
Device  Interface  IP        Mask  Gateway
R1      G0/0/0     10.1.1.1  24    #
R2      G0/0/0     10.1.1.2  24    #
Because the PC in the simulator software does not have an SSH client, a router is used as the client in this experiment.
It's best to test connectivity before doing any experiments.
Configure the SSH experiment
First, the server must generate and configure the local RSA key pair.
R2:
rsa local-key-pair create
// display rsa local-key-pair public shows the public key part of the local key pair
Enter the VTY user interface view and set the user authentication mode to AAA.
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
// protocol inbound sets the protocol that VTY users are allowed to use for access
aaa
local-user huawei password cipher huawei1
local-user huawei service-type ssh
quit
stelnet server enable
By default, the SSH server function is disabled. The command above enables it.
connection
Finally, you can run display ssh user-information huawei to view the user information, and check the server state with:
display ssh server status
R1:
When the SSH client logs in to the SSH server for the first time, the client has not yet saved the RSA public key of the SSH server, so the first login fails. Therefore, the first-time authentication function must be enabled on the client. With it enabled, no validity check is performed on the server's RSA public key.
ssh client first-time enable
Successful connection
display ssh server session
What are the flaws in the first-time authentication function of the SSH client?
First-time authentication on the SSH client carries a serious security risk, because the server's RSA public key is accepted without a validity check. If it is not enabled, you can instead paste the other party's public key information locally in order to authenticate successfully.
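The settings above can be checked in a saved configuration with a small script. This is an added example, not part of the original lab: the sample configuration is constructed, the one-space indentation for commands inside a view is an assumption about the saved file's layout, and the vty 5 9 block with authentication-mode password and protocol inbound all is a deliberately weak entry included to show findings.

```python
# Added example: audit a VRP-style configuration for the settings discussed on this page.
# SAMPLE_CONFIG is constructed; its layout (one leading space for commands inside
# a view) is an assumption about how the saved configuration is formatted.
SAMPLE_CONFIG = """\
stelnet server enable
ssh client first-time enable
aaa
 local-user huawei password cipher huawei1
 local-user huawei service-type ssh
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
user-interface vty 5 9
 authentication-mode password
 protocol inbound all
"""


def audit(config):
    """Return a list of findings for VTY and SSH settings in the config text."""
    findings, global_cmds, vty, current = [], [], {}, None
    for raw in config.splitlines():
        line = raw.strip().lower()      # commands are matched case-insensitively
        if not line or line == "#":
            continue
        if raw[0].isspace() and current is not None:
            vty[current].append(line)   # command inside a VTY view
            continue
        current = line if line.startswith("user-interface vty") else None
        if current:
            vty.setdefault(current, [])
        else:
            global_cmds.append(line)
    for view, cmds in vty.items():
        if "authentication-mode aaa" not in cmds:
            findings.append(f"{view}: authentication mode is not AAA")
        inbound = [c.split()[-1] for c in cmds if c.startswith("protocol inbound")]
        if inbound != ["ssh"]:
            findings.append(f"{view}: inbound protocol is not restricted to SSH")
    if vty and "stelnet server enable" not in global_cmds:
        findings.append("stelnet server enable is missing: the SSH server stays disabled")
    if "ssh client first-time enable" in global_cmds:
        findings.append("ssh client first-time enable: the server RSA public key "
                        "is accepted without a validity check")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A VTY block with no protocol inbound line at all is also reported, since the script only accepts an explicit restriction to SSH.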