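MSR Routers
Configuring IPv6 SSH Login Between Routers with RSA Authentication
Keywords: MSR; SSH; Stelnet; RSA; IPv6
I. Networking requirements:
MSR1 acts as the SSH server and MSR2 acts as the SSH client.
Equipment list: 2 MSR routers
II. Network diagram:
III. Configuration steps:
Device and version: MSR, Version 5.20, Beta 1105.
MSR1 configuration commands 1
//MSR1 generates a 1024-bit RSA local key pair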
[MSR1]rsa local-key-pair create
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
.......++++++
........++++++
...................++++++++
............++++++++
Done!
[MSR1]
MSR2 configuration commands
//MSR2 generates a 1024-bit RSA local key pair
[MSR2]rsa local-key-pair create
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
.......++++++
........++++++
...................++++++++
............++++++++
Done!
//Export the public key of msr2's local key pair to the file msr2_public in sshkey format
[msr2]rsa local-key-pair export ssh2 msr2_public
The file of public key is successfully generated.
[msr2]
MSR1 configuration commands 2
//Download the public key file exported by msr2 to the local device, then import it as msr2_public in rsakey format
[msr1]rsa peer-public-key msr2_public import sshkey msr2_public
The public key is successfully imported from the file.
[msr1]
MSR1 key configuration script
#
//Enable IPv6 globally
ipv6
#
//Set the number of concurrent configuration users to 5
configure-user count 5
#
//The rsakey generated by importing the sshkey exported from msr2, named msr2_public
rsa peer-public-key msr2_public
public-key-code begin
308186
028180
62CFE079 DC750296 B62617B9 05303470 676C1475 FEB513DC 9A5407DA 9A63F5EE
69B882CF 15E31835 FDF2C527 F1B41127 81172F7B 8BDE65EF FF786C0A 885D10A9
3315204A 2C128163 6A4C5541 941F3381 3E7708F1 1EDDD7B1 336CABBD 81C67A97
C3FF84A4 65F2274D 5F22AEF1 B0CDE46F C79117DC 4A54A3E0 ACA92FC3 66529DBB
0201
25
public-key-code end
peer-public-key end
#
interface Ethernet0/0
port link-mode route
ipv6 add 1::1/64
#
//SSH server configuration
ssh server enable
//Assign the rsakey msr2_public to login user client1
ssh user client1 assign rsa-key msr2_public
//Set the authentication type of SSH login user client1 to rsa
ssh user client1 authentication-type rsa
//Set the service type of SSH user client1 to stelnet, i.e. secure Telnet
ssh user client1 service-type stelnet
#
user-interface vty 0 4
//VTY login users must pass AAA authentication
authentication-mode scheme
//Specify the privilege level of login users
user privilege level 3
#
MSR2 key configuration script
#
//Enable IPv6 globally
ipv6
#
interface Ethernet0/0
port link-mode route
//Configure the IPv6 address
ipv6 address 2::1/64
#
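IV. Key configuration points:
1) Both routers must generate a key pair;
2) The client must export the public key of its own key pair in sshkey format, and the server must import it as an rsakey;
3) The server assigns the rsakey to the specific user;
4) Change the authentication type of the login user to rsa.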
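The following Python check is an added example, not part of the original case or of any H3C tool: it decodes the public-key-code bytes of the rsa peer-public-key block from the MSR1 script as a DER RSA public key (SEQUENCE of modulus and exponent) and reports the modulus size of each key a user can be bound to. The names read_tlv and audit_peer_keys and the 2048-bit default threshold are assumptions made for this example.

```python
import re

# The peer public key block exactly as it appears in the MSR1 script above.
CONFIG = """\
rsa peer-public-key msr2_public
public-key-code begin
308186
028180
62CFE079 DC750296 B62617B9 05303470 676C1475 FEB513DC 9A5407DA 9A63F5EE
69B882CF 15E31835 FDF2C527 F1B41127 81172F7B 8BDE65EF FF786C0A 885D10A9
3315204A 2C128163 6A4C5541 941F3381 3E7708F1 1EDDD7B1 336CABBD 81C67A97
C3FF84A4 65F2274D 5F22AEF1 B0CDE46F C79117DC 4A54A3E0 ACA92FC3 66529DBB
0201
25
public-key-code end
peer-public-key end
"""

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def audit_peer_keys(config, min_bits=2048):  # threshold is an assumed policy
    """Return [(name, modulus_bits, exponent, meets_min)] per peer key."""
    pattern = re.compile(r"rsa peer-public-key (\S+)\s+public-key-code begin"
                         r"(.*?)public-key-code end", re.S)
    results = []
    for name, body in pattern.findall(config):
        der = bytes.fromhex("".join(body.split()))
        tag, seq, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            raise ValueError(f"{name}: not a single DER SEQUENCE")
        t1, modulus, pos = read_tlv(seq, 0)
        t2, exponent, pos = read_tlv(seq, pos)
        if (t1, t2) != (0x02, 0x02) or pos != len(seq):
            raise ValueError(f"{name}: expected exactly two INTEGERs")
        bits = int.from_bytes(modulus, "big").bit_length()
        results.append((name, bits, int.from_bytes(exponent, "big"),
                        bits >= min_bits))
    return results
```

For the key in this case, `audit_peer_keys(CONFIG)` reports a 1023-bit modulus with public exponent 37, which falls below the assumed threshold; the device prompt shown above accepts moduli up to 2048 bits.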