How do I configure SSH public key login on a V7 router? Is there a configuration example?
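Best answer
· Configure Router A as the Stelnet client so that a user can securely log in to Router B through Router A and is granted the user role network-admin for configuration management.
· Router B, acting as the Stelnet server, authenticates the Stelnet client using publickey authentication. The public key algorithm used is DSA.
Figure 1-12 Network diagram for the device acting as an Stelnet client
# Configure an IP address for interface GigabitEthernet2/0/1.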
[RouterA] interface gigabitethernet 2/0/1
[RouterA-GigabitEthernet2/0/1] ip address 192.168.1.56 255.255.255.0
[RouterA-GigabitEthernet2/0/1] quit
# Generate a DSA key pair.
[RouterA] public-key local create dsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+
...+.................+..........+...+
Create the key pair successfully.
# Export the generated DSA host public key to the file key.pub.
[RouterA] public-key local export dsa ssh2 key.pub
[RouterA] quit
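After the client generates the key pair, upload the saved public key file key.pub to the server through FTP/TFTP. The detailed procedure is omitted.
# Generate an RSA key pair.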
[RouterB] public-key local create rsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
........................++++++
...................++++++
..++++++++
............++++++++
Create the key pair successfully.
# Generate a DSA key pair.
[RouterB] public-key local create dsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+
...+.................+..........+...+
Create the key pair successfully.
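# Enable the Stelnet server function.
[RouterB] ssh server enable
# Configure an IP address for interface GigabitEthernet2/0/1. The client will connect to the Stelnet server through this address.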
[RouterB] interface gigabitethernet 2/0/1
[RouterB-GigabitEthernet2/0/1] ip address 192.168.1.40 255.255.255.0
[RouterB-GigabitEthernet2/0/1] quit
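# Set the authentication mode of the user lines used for Stelnet client login to AAA authentication (scheme).
[RouterB] line vty 0 15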
[RouterB-line-vty0-15] authentication-mode scheme
[RouterB-line-vty0-15] quit
# Import the peer public key from the file key.pub and name it clientkey.
[RouterB] public-key peer clientkey import sshkey key.pub
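# Set the authentication method of SSH user client002 to publickey and specify clientkey as its public key.
[RouterB] ssh user client002 service-type stelnet authentication-type publickey assign publickey clientkey
# Create the device management local user client002, and set its service type to SSH and its user role to network-admin.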
[RouterB] local-user client002 class manage
[RouterB-luser-manage-client002] service-type ssh
[RouterB-luser-manage-client002] authorization-attribute user-role network-admin
[RouterB-luser-manage-client002] quit
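(3) Establish a connection from the Stelnet client to the Stelnet server
# Establish an SSH connection to the server 192.168.1.40.
<RouterA> ssh2 192.168.1.40 identity-key dsa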
Username: client002
Press CTRL+C to abort.
Connecting to 192.168.1.40 port 22.
The server is not authenticated. Continue? [Y/N]:y
Do you want to save the server public key? [Y/N]:n
Enter a character ~ and a dot to abort.
******************************************************************************
* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<RouterB>
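Added example, not part of the original answer or of H3C's documentation: key.pub travels over FTP/TFTP before `public-key peer clientkey import sshkey key.pub` trusts it, so this Python sketch parses the exported file and reports its algorithm, key size and SHA-256 fingerprint for comparison on both sides of the transfer. It assumes the `ssh2` export is the RFC 4716 SSH2 public key file format; the function names are hypothetical and the sample key is constructed from placeholder numbers.

```python
import base64, hashlib

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def parse_ssh2_pubkey(text):
    """Return the raw key blob from an SSH2 (RFC 4716) public key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 begin/end markers (truncated transfer?)")
    body, in_header = [], False
    for ln in lines[1:-1]:
        if in_header or ":" in ln:           # header line such as Comment: "..."
            in_header = ln.endswith("\\")    # a trailing backslash continues it
            continue
        body.append(ln)
    return base64.b64decode("".join(body), validate=True)

def split_fields(blob):
    """Split the blob into its 4-byte-length-prefixed fields (RFC 4251)."""
    fields, off = [], 0
    while off < len(blob):
        n = int.from_bytes(blob[off:off + 4], "big")
        off += 4
        if off + n > len(blob):              # also catches a short length field
            raise ValueError("truncated key field")
        fields.append(blob[off:off + n])
        off += n
    return fields

def describe_key(text):
    """Return (algorithm, key size in bits, SHA-256 fingerprint)."""
    blob = parse_ssh2_pubkey(text)
    fields = split_fields(blob)
    algo = fields[0].decode("ascii") if fields else ""
    # Field that sets the key size: p for ssh-dss, n for ssh-rsa.
    idx = {"ssh-dss": 1, "ssh-rsa": 2}.get(algo)
    if idx is None or idx >= len(fields):
        raise ValueError(f"unexpected key type or layout: {algo!r}")
    bits = int.from_bytes(fields[idx], "big").bit_length()
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return algo, bits, "SHA256:" + digest

def make_sample():
    # Constructed ssh-dss blob with placeholder numbers (not a usable key).
    field = lambda b: len(b).to_bytes(4, "big") + b
    mpint = lambda n: field(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    nums = ((1 << 1023) | 1, (1 << 159) | 1, 2, 3)       # p, q, g, y
    blob = field(b"ssh-dss") + b"".join(mpint(n) for n in nums)
    b64 = base64.b64encode(blob).decode()
    rows = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return blob, "\n".join([BEGIN, 'Comment: "constructed sample"', *rows, END])
```

Run `describe_key()` on the file contents at the source and again on the copy that arrived; import the key only if algorithm, size and fingerprint match.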