问题描述:
MSR930路由器,之前配置了只允许192.168.1.0的网段可以ssh连接,现在因其他关系需要取消这项配置,相关配置已经删除,可还是不能ssh连接,请大神帮忙看看哪里没有删干净。
#
version 5.20, Release 2514P10
#
sysname H3C
#
super password level 3 cipher $c$3$Ci8D9wEmHG2EjKvxunMV6h21NC0CIBO9ot3LQ2o=
#
domain default enable system
#
dns proxy enable
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
ndp enable
#
ntdp enable
#
cluster enable
#
port-security enable
#
password-recovery enable
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool 0
static-bind ip-address 192.168.1.30 mask 255.255.255.0
#
dhcp server ip-pool vlan1 extended
network ip range 192.168.20.30 192.168.20.200
network mask 255.255.255.0
gateway-list 192.168.20.1
dns-list 192.168.20.1
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$CTOuI/Dy48o9V5RgBdshCAu9wevBYgx6FcLnacg=
authorization-attribute level 3
service-type telnet
service-type web
#
cwmp
undo cwmp enable
#
attack-defense policy 86 interface GigabitEthernet0/0
signature-detect action drop-packet
signature-detect fraggle enable
signature-detect land enable
signature-detect winnuke enable
signature-detect tcp-flag enable
signature-detect icmp-unreachable enable
signature-detect icmp-redirect enable
signature-detect tracert enable
signature-detect smurf enable
signature-detect source-route enable
signature-detect route-record enable
signature-detect large-icmp enable
defense scan enable
defense scan add-to-blacklist
defense syn-flood enable
defense syn-flood action drop-packet
defense udp-flood enable
defense udp-flood action drop-packet
defense icmp-flood enable
defense icmp-flood action drop-packet
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
tcp mss 1024
#
interface Dialer10
nat outbound
nat server 1 protocol tcp global current-interface 10080 inside 192.168.20.224 www
nat server 2 protocol tcp global current-interface 10023 inside 192.168.20.203 22
nat server 4 protocol tcp global current-interface 18082 inside 192.168.20.224 8082
nat server 5 protocol tcp global current-interface 18083 inside 192.168.20.224 8083
nat server 3 protocol tcp global current-interface 18081 inside 192.168.20.224 8081
nat server 6 protocol tcp global current-interface 10081 inside 192.168.20.224 81
link-protocol ppp
ppp chap user 17770327195
ppp chap password cipher $c$3$/cUEkj6ClpHtVkro2Q1Xn5XxwQfQnDyXRMSD
ppp pap local-user 17770327195 password cipher $c$3$WIpudgdUZLn5T+Y4tWaNEhTBPx6BqMwhX/kz
ppp ipcp dns admit-any
ppp ipcp dns request
mtu 1492
ip address ppp-negotiate
tcp mss 1024
dialer user username
dialer-group 10
dialer bundle 10
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.20.1 255.255.255.0
tcp mss 1024
dhcp server apply ip-pool vlan1
#
interface GigabitEthernet0/0
port link-mode route
nat outbound
nat server 1 protocol tcp global current-interface 10080 inside 192.168.20.224 www
nat server 2 protocol tcp global current-interface 10023 inside 192.168.20.203 22
nat server 4 protocol tcp global current-interface 18082 inside 192.168.20.224 8082
nat server 5 protocol tcp global current-interface 18083 inside 192.168.20.224 8083
nat server 3 protocol tcp global current-interface 18081 inside 192.168.20.224 8081
nat server 6 protocol tcp global current-interface 10081 inside 192.168.20.224 81
pppoe-client dial-bundle-number 10
attack-defense apply policy 86
#
interface GigabitEthernet0/1
port link-mode bridge
#
interface GigabitEthernet0/2
port link-mode bridge
#
interface GigabitEthernet0/3
port link-mode bridge
#
interface GigabitEthernet0/4
port link-mode bridge
#
ip route-static 0.0.0.0 0.0.0.0 Dialer10
ip route-static 192.168.1.0 255.255.255.0 192.168.25.2
ip route-static 192.168.10.0 255.255.255.0 192.168.25.2
#
dhcp enable
#
ssh server enable
#
dialer-rule 10 ip permit
#
nms primary monitor-interface Dialer10
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
#
return
组网及组网描述:
最佳答案
本地用户没有开SSH权限# local-user admin password cipher $c$3$CTOuI/Dy48o9V5RgBdshCAu9wevBYgx6FcLnacg= authorization-attribute level 3 service-type telnet service-type web #
- 2019-01-03回答
- 评论(3)
- 举报
-
(0)
user-interface vty 0 4 (这个接口下添加上认证)
authentication-mode scheme
local-user admin
service-type ssh (如果你以前用ssh登录,这项应该是已经有的,现在怎么没有了呢,没有就添加上吧,)
- 2019-01-03回答
- 评论(3)
- 举报
-
(0)
好的,我试试
还是不行,最新配置如下 # version 5.20, Release 2514P10 # sysname H3C # super password level 3 cipher $c$3$Ci8D9wEmHG2EjKvxunMV6h21NC0CIBO9ot3LQ2o= # domain default enable system # dns proxy enable # telnet server enable # ssh server enable # dar p2p signature-file flash:/p2p_default.mtd # ndp enable # ntdp enable # cluster enable # port-security enable # password-recovery enable # vlan 1 # domain system access-limit disable state active idle-cut disable self-service-url disable # dhcp server ip-pool vlan1 extended network ip range 192.168.20.30 192.168.20.200 network mask 255.255.255.0 gateway-list 192.168.20.1 dns-list 192.168.20.1 # user-group system group-attribute allow-guest # local-user admin password cipher $c$3$CTOuI/Dy48o9V5RgBdshCAu9wevBYgx6FcLnacg= authorization-attribute level 3 service-type telnet service-type web service-type ssh # cwmp undo cwmp enable # attack-defense policy 86 interface GigabitEthernet0/0 signature-detect action drop-packet signature-detect fraggle enable signature-detect land enable signature-detect winnuke enable signature-detect tcp-flag enable signature-detect icmp-unreachable enable signature-detect icmp-redirect enable signature-detect tracert enable signature-detect smurf enable signature-detect source-route enable signature-detect route-record enable signature-detect large-icmp enable defense scan enable defense scan add-to-blacklist defense syn-flood enable defense syn-flood action drop-packet defense udp-flood enable defense udp-flood action drop-packet defense icmp-flood enable defense icmp-flood action drop-packet # interface Aux0 async mode flow link-protocol ppp # interface Cellular0/0 async mode protocol link-protocol ppp tcp mss 1024 # interface Dialer10 nat outbound nat server 1 protocol tcp global current-interface 10080 inside 192.168.20.224 www nat server 2 protocol tcp global current-interface 10023 inside 192.168.20.203 22 nat server 4 protocol tcp global current-interface 18082 inside 192.168.20.224 8082 nat server 5 protocol tcp global current-interface 18083 inside 192.168.20.224 8083 nat server 3 protocol tcp global current-interface 18081 inside 192.168.20.224 8081 nat server 6 protocol tcp global current-interface 10081 inside 192.168.20.224 81 link-protocol ppp ppp chap user 17770327195 ppp chap password cipher $c$3$/cUEkj6ClpHtVkro2Q1Xn5XxwQfQnDyXRMSD ppp pap local-user 17770327195 password cipher $c$3$WIpudgdUZLn5T+Y4tWaNEhTBPx6BqMwhX/kz ppp ipcp dns admit-any ppp ipcp dns request mtu 1492 ip address ppp-negotiate tcp mss 1024 dialer user username dialer-group 10 dialer bundle 10 # interface NULL0 # interface Vlan-interface1 ip address 192.168.20.1 255.255.255.0 tcp mss 1024 dhcp server apply ip-pool vlan1 # interface GigabitEthernet0/0 port link-mode route nat outbound nat server 1 protocol tcp global current-interface 10080 inside 192.168.20.224 www nat server 2 protocol tcp global current-interface 10023 inside 192.168.20.203 22 nat server 4 protocol tcp global current-interface 18082 inside 192.168.20.224 8082 nat server 5 protocol tcp global current-interface 18083 inside 192.168.20.224 8083 nat server 3 protocol tcp global current-interface 18081 inside 192.168.20.224 8081 nat server 6 protocol tcp global current-interface 10081 inside 192.168.20.224 81 pppoe-client dial-bundle-number 10 attack-defense apply policy 86 # interface GigabitEthernet0/1 port link-mode bridge # interface GigabitEthernet0/2 port link-mode bridge # interface GigabitEthernet0/3 port link-mode bridge # interface GigabitEthernet0/4 port link-mode bridge # ip route-static 0.0.0.0 0.0.0.0 Dialer10 ip route-static 192.168.1.0 255.255.255.0 192.168.25.2 ip route-static 192.168.10.0 255.255.255.0 192.168.25.2 # dhcp enable # ssh server enable # dialer-rule 10 ip permit # nms primary monitor-interface Dialer10 # load xml-configuration # load tr069-configuration # user-interface tty 12 user-interface aux 0 user-interface vty 0 4 local-user admin service-type ssh authentication-mode scheme # return
最新配置如下,还是不能ssh连接路由器
#
version 5.20, Release 2514P10
#
sysname H3C
#
super password level 3 cipher $c$3$Ci8D9wEmHG2EjKvxunMV6h21NC0CIBO9ot3LQ2o=
#
domain default enable system
#
dns proxy enable
#
telnet server enable
#
ssh server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
ndp enable
#
ntdp enable
#
cluster enable
#
port-security enable
#
password-recovery enable
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool vlan1 extended
network ip range 192.168.20.30 192.168.20.200
network mask 255.255.255.0
gateway-list 192.168.20.1
dns-list 192.168.20.1
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$CTOuI/Dy48o9V5RgBdshCAu9wevBYgx6FcLnacg=
authorization-attribute level 3
service-type telnet
service-type web
service-type ssh
#
cwmp
undo cwmp enable
#
attack-defense policy 86 interface GigabitEthernet0/0
signature-detect action drop-packet
signature-detect fraggle enable
signature-detect land enable
signature-detect winnuke enable
signature-detect tcp-flag enable
signature-detect icmp-unreachable enable
signature-detect icmp-redirect enable
signature-detect tracert enable
signature-detect smurf enable
signature-detect source-route enable
signature-detect route-record enable
signature-detect large-icmp enable
defense scan enable
defense scan add-to-blacklist
defense syn-flood enable
defense syn-flood action drop-packet
defense udp-flood enable
defense udp-flood action drop-packet
defense icmp-flood enable
defense icmp-flood action drop-packet
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
tcp mss 1024
#
interface Dialer10
nat outbound
nat server 1 protocol tcp global current-interface 10080 inside 192.168.20.224 www
nat server 2 protocol tcp global current-interface 10023 inside 192.168.20.203 22
nat server 4 protocol tcp global current-interface 18082 inside 192.168.20.224 8082
nat server 5 protocol tcp global current-interface 18083 inside 192.168.20.224 8083
nat server 3 protocol tcp global current-interface 18081 inside 192.168.20.224 8081
nat server 6 protocol tcp global current-interface 10081 inside 192.168.20.224 81
link-protocol ppp
ppp chap user 17770327195
ppp chap password cipher $c$3$/cUEkj6ClpHtVkro2Q1Xn5XxwQfQnDyXRMSD
ppp pap local-user 17770327195 password cipher $c$3$WIpudgdUZLn5T+Y4tWaNEhTBPx6BqMwhX/kz
ppp ipcp dns admit-any
ppp ipcp dns request
mtu 1492
ip address ppp-negotiate
tcp mss 1024
dialer user username
dialer-group 10
dialer bundle 10
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.20.1 255.255.255.0
tcp mss 1024
dhcp server apply ip-pool vlan1
#
interface GigabitEthernet0/0
port link-mode route
nat outbound
nat server 1 protocol tcp global current-interface 10080 inside 192.168.20.224 www
nat server 2 protocol tcp global current-interface 10023 inside 192.168.20.203 22
nat server 4 protocol tcp global current-interface 18082 inside 192.168.20.224 8082
nat server 5 protocol tcp global current-interface 18083 inside 192.168.20.224 8083
nat server 3 protocol tcp global current-interface 18081 inside 192.168.20.224 8081
nat server 6 protocol tcp global current-interface 10081 inside 192.168.20.224 81
pppoe-client dial-bundle-number 10
attack-defense apply policy 86
#
interface GigabitEthernet0/1
port link-mode bridge
#
interface GigabitEthernet0/2
port link-mode bridge
#
interface GigabitEthernet0/3
port link-mode bridge
#
interface GigabitEthernet0/4
port link-mode bridge
#
ip route-static 0.0.0.0 0.0.0.0 Dialer10
ip route-static 192.168.1.0 255.255.255.0 192.168.25.2
ip route-static 192.168.10.0 255.255.255.0 192.168.25.2
#
dhcp enable
#
ssh server enable
#
dialer-rule 10 ip permit
#
nms primary monitor-interface Dialer10
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
local-user admin
service-type ssh
authentication-mode scheme
#
return
- 2019-01-03回答
- 评论(0)
- 举报
-
(0)
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
不行就开调试看看咯