SSH and Telnet remote device login: a comprehensive practical lab

Table of contents

1. Introduction to SSH and Telnet

2. Build the environment

3. Overall needs and environment introduction

4. Equipment Configuration

5. Connection test


1. Introduction to SSH and Telnet

Both SSH and Telnet are remote connection control protocols. In network engineering they are often used to connect to and control routers and switches remotely, which makes it convenient for engineers to operate and maintain equipment from a distance. SSH currently has two versions, SSH1 and SSH2, which are not compatible with each other; which one a connection uses depends mainly on the version of the client software installed on the host. The main differences between SSH and Telnet are as follows:

1. An SSH connection transmits data as ciphertext, while Telnet transmits data in plaintext, so Telnet usernames and passwords can be read by anyone able to capture the traffic. In addition, an SSH connection only succeeds when the client matches the key generated by the server, while Telnet involves no key matching.

2. The SSH connection port is 22, and the Telnet connection port is 23.

The following simulated environment puts SSH and Telnet to practical use.

2. Build the environment

3. Overall needs and environment introduction

1. Overall requirements:

① R1 has two remote connection methods: ssh and telnet. The physical network card, CE1, CE3, and CE2 must be able to connect directly to R1 through ssh and telnet; CE4 cannot connect directly to R1 through ssh and telnet. At the same time, accounts with different permissions (level 0, level 1, and level 15) need to be configured on R2 to meet the access requirements of different personnel. Create super passwords to make it easy to switch between accounts.

② The remote connection method of CE1 is telnet. The remote client may only check basic information and cannot change the device configuration data (level 0).

③ The remote connection method of CE2 is ssh. The remote client may only check basic information and cannot change the device configuration data (level 1).

Note: level 0 and level 1 have almost the same permissions. Neither can enter the configuration view; both can only check and test basic information.

2. Environment introduction

To highlight the differences between SSH and Telnet (mainly in how they are configured), R1 in this lab accepts both SSH and Telnet connections and is also connected to a virtual network card, through which the physical host can reach R1 over ssh and telnet. CE1, CE3, and R1 are connected through static routes, so that CE1 and CE3 can each connect to R1 independently; CE2, CE4, and R1 have no direct routes. When CE4 needs to connect to R1, it can only jump to R1 through CE2. This environment covers both SSH and Telnet connections to network devices.

4. Equipment Configuration

R1:

Configure interfaces and routes:
interface GigabitEthernet0/0/0
 ip address 30.1.1.2 255.255.255.0 

interface GigabitEthernet0/0/1
 ip address 40.1.1.2 255.255.255.0 

interface GigabitEthernet0/0/2
 ip address 192.168.10.2 255.255.255.0 

ip route-static 10.1.1.0 255.255.255.0 30.1.1.1

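Configure SSH and Telnet:

ssh client first-time enable    //enable first-time authentication for the SSH client
stelnet server enable     //enable the SSH service
telnet server enable      //enable the Telnet service

rsa local-key-pair create     //generate the key pair for SSH connections

user-interface vty 0 4
 authentication-mode aaa     //set the authentication mode to AAA
 protocol inbound all      //allow both SSH and Telnet as inbound protocols

aaa       //configure the AAA authentication settings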
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher Test12#$
 local-user admin privilege level 1
 local-user admin service-type telnet ssh
 local-user guest password cipher Test12#$
 local-user guest privilege level 0
 local-user guest service-type telnet ssh
 local-user huawei password cipher Test12#$
 local-user huawei privilege level 15
 local-user huawei service-type telnet ssh

super password level 1 cipher Test12#$    //configure super passwords, used to switch between accounts with different privilege levels
super password level 3 cipher Test12#$
super password level 15 cipher Test12#$

View remote connection accounts:

The output shows clearly that there are three remote login accounts, each with a different privilege level. A level 15 account is recommended for administrator operation and maintenance, and a level 0 account for temporary visitors. The default account level is 1, which can be used for daily viewing of device configuration and common faults.
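
A small audit of the R1 remote-login settings above, as an added example that is not part of the original article: it flags Telnet exposure, accounts above level 1 that may log in over Telnet, one password shared by several accounts, and a vty without idle-timeout. The function name, finding strings and sample are constructed here; the shared-password check assumes the commands as typed, since a saved configuration holds ciphertext.

```python
# Constructed sample: a subset of R1's remote-login lines from this page.
R1_CONFIG = """\
telnet server enable
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
aaa
 local-user huawei password cipher Test12#$
 local-user huawei privilege level 15
 local-user huawei service-type telnet ssh
super password level 15 cipher Test12#$
"""

def audit(config):
    """Return sorted findings for one device's configuration text."""
    found, level, telnet_users, secrets = set(), {}, set(), {}
    in_vty = has_vty = has_timeout = False
    for raw in config.splitlines():
        line = raw.split("//")[0].rstrip()      # drop the page's "//" annotations
        w = line.split()
        if not w:
            continue
        if not line[0].isspace():               # an unindented command opens a new view
            in_vty = w[:2] == ["user-interface", "vty"]
            has_vty = has_vty or in_vty
        if w == ["telnet", "server", "enable"]:
            found.add("telnet server enabled")
        elif in_vty and w[:2] == ["protocol", "inbound"] and w[-1] in ("all", "telnet"):
            found.add("vty accepts telnet")
        elif in_vty and w[0] == "idle-timeout":
            has_timeout = True
        elif w[0] == "local-user" and "password" in w:
            secrets.setdefault(w[-1], set()).add(w[1])
        elif w[0] == "local-user" and "level" in w:
            level[w[1]] = int(w[-1])
        elif w[0] == "local-user" and "service-type" in w and "telnet" in w[3:]:
            telnet_users.add(w[1])
        elif w[:2] == ["super", "password"]:
            secrets.setdefault(w[-1], set()).add("super level " + w[3])
    for user in sorted(telnet_users):
        if level.get(user, 0) > 1:              # above level 1 can change configuration
            found.add("level %d account '%s' allowed over telnet" % (level[user], user))
    for names in secrets.values():
        if len(names) > 1:
            found.add("password shared by: " + ", ".join(sorted(names)))
    if has_vty and not has_timeout:
        found.add("vty has no idle-timeout")
    return sorted(found)
```

Run against CE2's lines on this page it returns no findings, and against CE1's only the two Telnet ones.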

CE1:

Basic configuration:
vlan batch 10 20 30

interface Vlanif10
 ip address 10.1.1.1 255.255.255.0

interface Vlanif30
 ip address 30.1.1.1 255.255.255.0

ip route-static 0.0.0.0 0.0.0.0 10.1.1.2
ip route-static 192.168.10.0 255.255.255.0 30.1.1.2

Telnet configuration:
telnet server enable     //enable the telnet service

aaa    //configure the AAA authentication settings
 local-user huawei password irreversible-cipher Test12#$
 local-user huawei service-type telnet
 local-user huawei level 0

user-interface vty 0 4
 authentication-mode aaa     //authentication mode is AAA
 idle-timeout 3 0    //connection idle timeout
 protocol inbound telnet    //inbound protocol is Telnet

View remote accounts:

CE2:


vlan batch 10 20 40

aaa
 local-user huawei password irreversible-cipher Test12#$
 local-user huawei service-type ssh
 local-user huawei level 1


interface Vlanif20
 ip address 20.1.1.1 255.255.255.0

interface Vlanif40
 ip address 40.1.1.1 255.255.255.0


interface GE1/0/2
 undo shutdown
 port default vlan 20

interface GE1/0/3
 undo shutdown
 port default vlan 40

stelnet server enable   //enable the SSH service
ssh client first-time enable    //enable first-time authentication for the SSH client
ssh authorization-type default aaa    //authentication method is AAA

user-interface vty 0 4
 authentication-mode aaa
 idle-timeout 3 0
 protocol inbound ssh

View remote accounts:

For CE3 and CE4, complete the VLAN, interface and default route configuration according to the topology diagram!

5. Connection test

1. R1 connection test

① User side (CE3, CE4) connection:

Both users can remotely log in to R1, achieving the expected goal.

② Physical host connection:

The physical host can log in to R1 through the virtual network card, achieving the expected goal.

2. CE1, CE2 connection test

The user side can remotely connect to both CE1 and CE2, achieving the expected goals.

3. R1 account switching test with different permissions:

SSH and Telnet are indispensable remote connection control protocols in daily network operation and maintenance, and are widely used in real network environments. This article is a practical walkthrough of SSH and Telnet. After completing the experiment according to my ideas, you can fully master the actual configuration of SSH and Telnet!

Origin blog.csdn.net/qq_44940837/article/details/130781130