Getting started with Huawei switch configuration (4)

SSH service configuration

Lab topology

 

# Basic configuration
<Huawei>system-view
[Huawei]sysname R1
[R1]int GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip add 10.1.1.1 24

# Create the key pair
[R1]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
..++++++++++++
.........++++++++++++
........++++++++
...++++++++

# View the key pair
[R1]display rsa local-key-pair public

=====================================================
Time of Key pair created: 2019-06-25 15:43:00-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
D7ECC107 8B61CAB4 5CD2F56A FB67E1E8 B0CD0688
55B0E1C0 79420473 CACE51DF 3E72ACF1 F96D67AE
6CB3F2BF 6DA2742D 28A9045A 0686BFB5 1E337456
CB5EF0CB
0203
010001

=====================================================
Time of Key pair created: 2019-06-25 15:43:02-08:00
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
CB4E707A 1254DE1F C783396A C306D420 59DF2F0A
60BF47AF 7018159B 3906CE64 12EDA1DF 9E3D9670
83A9CC92 F291DF3D C45FFDCC 3D35C30C C915CCD2
6DF673F4 D890B3A9 F976F816 7F5691D2 E7DD85E9
2F658F65 1FE87688 49D3B274 8ABB5C57
0203
010001
# Time of Key pair created: when the public key was generated;
# Key name: the name of the public key;
# Key type: the type of the public key;
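
The "Key code" printed above is the hex of an ASN.1 SEQUENCE holding two INTEGERs (modulus and public exponent), so the key size the device actually generated can be read back from it. The Python below is an added example, not part of the original post: it decodes the Host key code copied from the output above and compares it with an assumed 2048-bit policy floor (MIN_RSA_BITS and the function names are assumptions).

```python
import re

# Key code copied from the "Key name: Host" block in the output above.
HOST_KEY_CODE = """
3047
0240
D7ECC107 8B61CAB4 5CD2F56A FB67E1E8 B0CD0688
55B0E1C0 79420473 CACE51DF 3E72ACF1 F96D67AE
6CB3F2BF 6DA2742D 28A9045A 0686BFB5 1E337456
CB5EF0CB
0203
010001
"""

MIN_RSA_BITS = 2048  # assumed policy floor, not a value from the post


def read_tlv(buf, pos, tag):
    """Read one ASN.1 tag-length-value at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02X} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("key code is truncated")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Decode a 'Key code:' hex dump into (modulus_bits, public_exponent)."""
    buf = bytes.fromhex(re.sub(r"\s+", "", text))
    seq, end = read_tlv(buf, 0, 0x30)          # SEQUENCE { n, e }
    if end != len(buf):
        raise ValueError("trailing bytes after the key")
    modulus, pos = read_tlv(seq, 0, 0x02)      # INTEGER n
    exponent, _ = read_tlv(seq, pos, 0x02)     # INTEGER e
    # The device prints n without a leading 00, so read it as unsigned.
    return int.from_bytes(modulus, "big").bit_length(), int.from_bytes(exponent, "big")


def audit_key(text, min_bits=MIN_RSA_BITS):
    bits, e = parse_key_code(text)
    return {"modulus_bits": bits, "exponent": e, "weak": bits < min_bits}


if __name__ == "__main__":
    print(audit_key(HOST_KEY_CODE))
```

Accepting the default at the "Input the bits in the modulus" prompt is what produces the 512-bit Host key decoded here; entering 2048 at that prompt gives a key that passes the check.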

# Configure the VTY user interface
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa
[R1-ui-vty0-4]protocol inbound ssh    # allow SSH only

# Create a user
[R1]aaa
[R1-aaa]local-user huawei1 password cipher huawei1
Info: Add a new user.
[R1-aaa]local-user huawei1 service-type ssh    # enable the SSH service for the user
[R1-aaa]local-user huawei1 privilege level 3   # set the user privilege level to 3

# Enable the SSH (STelnet) service globally on the switch or router
[R1]stelnet server enable
Info: Succeeded in starting the stelnet server.

# View the SSH user information
[R1]display ssh user-information huawei1
-------------------------------------------------------------------------------
Username Auth-type User-public-key-name
-------------------------------------------------------------------------------
huawei1  password null
-------------------------------------------------------------------------------

# View the SSH service status
[R1]display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Disable
Stelnet server :Enable

# Simulate a login
# When an SSH client logs in to the SSH server for the first time, it has not yet saved the server's RSA public key,
# so the validity check on the server's RSA public key fails and the login fails. Therefore, when a user logs in to R1
# for the first time, first-time authentication must be enabled on the SSH client so that the server's RSA public key
# is not checked for validity. That first connection is accepted without authenticating the server; the key saved
# during it is what later connections are checked against.

<R2>system-view
[R2]ssh client first-time enable
[R2]stelnet 10.1.1.1
Please input the username:huawei1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Jun 25 2019 16:03:45-08:00 R2 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server ha
d not been authenticated in the process of exchanging keys. When deciding whethe
r to continue, the user chose Y.
[R2]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 10.1.1.1. Please wait...

Jun 25 2019 16:03:49-08:00 R2 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding wheth
er to save the server's public key 10.1.1.1, the user chose Y.
[R2]
Enter password:
<R1>

# Check the SSH service session

[R1]display ssh server session
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 0 2.0 AES run password huawei1                          
--------------------------------------------------------------------

# Configure the SFTP server and client
[R1]aaa
[R1-aaa]local-user huawei2 password cipher huawei2
Info: Add a new user.
[R1-aaa]local-user huawei2 privilege level 3
[R1-aaa]local-user huawei2 ftp-directory flash:
[R1-aaa]qu
[R1]ssh user huawei2 authentication-type password
Authentication type setted, and will be in effect next time
[R1]sftp server enable
Info: Succeeded in starting the SFTP server.

# View the SSH service status
[R1]display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Enable
Stelnet server :Enable

# Test the SSH service
<R2>system-view
Enter system view, return user view with Ctrl+Z.
[R2]sftp 10.1.1.1
Please input the username:huawei2
Trying 10.1.1.1 ...
Press CTRL+K to abort
Enter password:
sftp-client>dir
drwxrwxrwx 1 noone nogroup 0 Jun 25 05:45 dhcp
drwxrwxrwx 1 noone nogroup 0-rwxrwxrwx 1 noone nogroup 1218
02 May 26 2014 portalpage.zip
-rwxrwxrwx 1 noone nogroup 540 Jun 25 07:43 rsa_server_key.efs
-rwxrwxrwx 1 noone nogroup 396 Jun 25 07:43 rsa_host_key.efs
-rwxrwxrwx 1 noone nogroup 2263 Jun 25 07:37 statemach.efs
-rwxrwxrwx 1 noone nogroup 828482 May 26 2014 sslvpn.zip
drwxrwxrwx 1 noone nogroup 0 Jun 25 07:43 .
sftp-client>

# View the SSH server status
[R1]display ssh server session
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 0 2.0 AES run password huawei2
--------------------------------------------------------------------

Origin www.cnblogs.com/yokingma/p/11083553.html