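MSR Routers
Configuring IPv6 SFTP with RSA Authentication Between Routers
Keywords: MSR; SFTP; RSA; IPv6
I. Networking requirements:
MSR1 acts as the SFTP server and MSR2 acts as the SFTP client.
Equipment list: 2 MSR routers
II. Network diagram:
III. Configuration steps:
Device and version: MSR, Version 5.20, Beta 1105.
MSR1 configuration commands 1
//MSR1 generates a 1024-bit local RSA key pair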
[MSR1]rsa local-key-pair create
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
.......++++++
........++++++
...................++++++++
............++++++++
Done!
[MSR1]
MSR2 configuration commands
//MSR2 generates a 512-bit local RSA key pair
[MSR2]rsa local-key-pair create
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:512
Generating keys...
.......++++++
........++++++
...................++++++++
............++++++++
Done!
//Export the public key of msr2's local key pair in sshkey format to the file msr2_public_ssh
[msr2]rsa local-key-pair export ssh2 msr2_public_ssh
The file of public key is successfully generated.
[msr2]
MSR1 configuration commands 2
//Download the public key file exported by msr2 to the local device and import it as the rsakey-format key msr2_public_rsa
[msr1]rsa peer-public-key msr2_public_rsa import sshkey msr2_public_ssh
The public key is successfully imported from the file.
[msr1]
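MSR1 key configuration script
#
//Enable IPv6 globally
ipv6
#
//Set the number of concurrent configuration users to 5
configure-user count 5
#
//The rsakey generated by importing the sshkey exported from msr2, named msr2_public_rsa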
rsa peer-public-key msr2_public_rsa
public-key-code begin
3047
0240
B7AE288E FBB73E77 42FF2169 B3312D3B 6243DFFC D83BE964 A82FF2E9 0337B8F8
7F41BC00 D3FDE155 01A95A99 3218561F B93A6EA5 CDC3B14F 3EF8544B C93B77EF
0203
010001
public-key-code end
peer-public-key end
#
interface Ethernet0/0
port link-mode route
ipv6 address 1::1/64
#
//SFTP server configuration
sftp server enable
//Assign the rsakey msr2_public_rsa to the login user client1
ssh user client1 assign rsa-key msr2_public_rsa
//Set the authentication type of SSH login user client1 to rsa
ssh user client1 authentication-type rsa
//Set the service type of SSH user client1 to sftp, that is, secure FTP
ssh user client1 service-type sftp
#
user-interface vty 0 4
//vty login users must be authenticated through AAA
authentication-mode scheme
#
MSR2 key configuration script
#
//Enable IPv6 globally
ipv6
#
interface Ethernet0/0
port link-mode route
//Configure the IPv6 address
ipv6 address 2::1/64
#
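IV. Key configuration points:
1) Both routers must generate a key pair and enable IPv6;
2) The client must export the public key of its key pair as an sshkey, and the server must import it as an rsakey;
3) The server assigns the rsakey to the specific user;
4) Change the authentication type of the login user to rsa;
5) The server enables the SFTP server and sets the service type of the SSH user to SFTP or ALL.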
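An added example (not part of the original case and not H3C code): a Python check that decodes a public-key-code block, here the one from the MSR1 configuration script above, as an ASN.1 RSAPublicKey and reports the modulus size, so that an imported peer key as short as msr2's 512 bits is flagged during a configuration audit. The function names and the 2048-bit threshold are assumptions made for this example.

```python
import re

# public-key-code block copied from the MSR1 script on this page
PUBLIC_KEY_CODE = """
3047
0240
B7AE288E FBB73E77 42FF2169 B3312D3B 6243DFFC D83BE964 A82FF2E9 0337B8F8
7F41BC00 D3FDE155 01A95A99 3218561F B93A6EA5 CDC3B14F 3EF8544B C93B77EF
0203
010001
"""


def read_tlv(buf, pos, expected_tag):
    """Read one DER tag-length-value; return (value_bytes, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos:pos + length], pos + length


def parse_public_key_code(text):
    """Return (modulus_bits, exponent) for a hex RSAPublicKey block."""
    der = bytes.fromhex(re.sub(r"\s+", "", text))
    seq, end = read_tlv(der, 0, 0x30)         # SEQUENCE { n, e }
    if end != len(der):
        raise ValueError("trailing bytes after key")
    modulus, pos = read_tlv(seq, 0, 0x02)     # INTEGER modulus
    exponent, pos = read_tlv(seq, pos, 0x02)  # INTEGER publicExponent
    if pos != len(seq):
        raise ValueError("unexpected data inside SEQUENCE")
    # Read as unsigned: the block on this page carries no leading 00 byte
    # even though the modulus has its top bit set.
    n = int.from_bytes(modulus, "big")
    return n.bit_length(), int.from_bytes(exponent, "big")


def audit(text, min_bits=2048):  # 2048 is an assumed audit threshold
    """Flag a peer public key whose modulus is shorter than min_bits."""
    bits, e = parse_public_key_code(text)
    return {"bits": bits, "exponent": e, "weak": bits < min_bits}
```

Calling `audit(PUBLIC_KEY_CODE)` on the block above reports a 512-bit modulus with exponent 65537 and marks it weak; the key-generation prompt shown earlier accepts moduli up to 2048 bits.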