配置
- 0关注
- 1收藏,1225浏览
最佳答案
您的意思应该如何用acl拒绝部分用户ssh登录吧,这个只要按照普通的包过滤配置即可,请参考:
http://www.h3c.com/cn/d_201811/1124606_30005_0.htm
- 2019-08-22回答
- 评论(1)
- 举报
-
(0)
v7设备没问题 可以登录 v5那台有问题
[SW2]acl number 2000 //
[SW2-acl-basic-2000]rule 0 permit source 192.168.1.1 0.0.0.255
[SW2-acl-basic-2000]quit
[SW2]ssh server enable //
Info: Enable SSH server.
[SW2]user-interface vty 0 4 //
[SW2-ui-vty0-4]authentication-mode scheme //验证为用户名密码验证
[SW2-ui-vty0-4]acl 2000 inbound //
[SW2-ui-vty0-4]protocol inbound ssh
[SW2-ui-vty0-4]quit
- 2019-08-22回答
- 评论(4)
- 举报
-
(0)
配置检查过有问题吗?如下是v5的案例,您要不参考在配置下: 3、 ssh登录 3-1、要求:SW1可以ssh登录SW2,禁止SW3通过ssh登录SW2 IP信息:SW1E0/4/0:192.168.1.2/24;SW3E0/4/0:192.168.2.2/24 3-2、SW2配置: <SW2>system-view System View: return to User View with Ctrl+Z. [SW2]interface Ethernet 0/4/0 [SW2-Ethernet0/4/0]ip ad 192.168.1.1 24 [SW2]interface Ethernet 0/4/1 [SW2-Ethernet0/4/1]ip ad 192.168.2.1 24 [SW2]public-key local create dsa //生成dsa密钥 The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Press CTRL+C to abort. Input the bits of the modulus[default = 1024]: Generating Keys... ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++* [SW2]public-key local create rsa //生成rsa密钥配置 The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Press CTRL+C to abort. Input the bits of the modulus[default = 1024]: Generating Keys... ++++ ++++++++++++++++++++++++++ +++++++++++++ ++++++ [SW2]ssh user admin service-type stelnet authentication-type password //配置ssh用户admin的服务类型为stelnet,认证方式为password(此步骤可不配置) [SW2]local-user admin //创建新用户 New local user added. [SW2-luser-admin]password simple admin //配置密码 [SW2-luser-admin]service-type ssh //服务类型设置为ssh [SW2-luser-admin]authorization-attribute level 3 //服务等级为level3 [SW2-luser-admin]quit [SW2]acl number 2000 //配置acl允许192.168.1.0网段ssh登陆其他拒绝 [SW2-acl-basic-2000]rule 0 permit source 192.168.1.1 0.0.0.255 [SW2-acl-basic-2000]quit [SW2]ssh server enable //开启ssh服务 Info: Enable SSH server. [SW2]user-interface vty 0 4 //创建虚拟用户 [SW2-ui-vty0-4]authentication-mode scheme //验证为用户名密码验证 [SW2-ui-vty0-4]acl 2000 inbound //调用acl [SW2-ui-vty0-4]protocol inbound ssh 类型ssh [SW2-ui-vty0-4]quit
优秀
我那台v7设备客户是可以输入密码登录的 这个v5设备 他登录的时候显示 the connction is closed by ssh server 是什么问题
你好 还在吗
配置检查过有问题吗?如下是v5的案例,您要不参考在配置下: 3、 ssh登录 3-1、要求:SW1可以ssh登录SW2,禁止SW3通过ssh登录SW2 IP信息:SW1E0/4/0:192.168.1.2/24;SW3E0/4/0:192.168.2.2/24 3-2、SW2配置: <SW2>system-view System View: return to User View with Ctrl+Z. [SW2]interface Ethernet 0/4/0 [SW2-Ethernet0/4/0]ip ad 192.168.1.1 24 [SW2]interface Ethernet 0/4/1 [SW2-Ethernet0/4/1]ip ad 192.168.2.1 24 [SW2]public-key local create dsa //生成dsa密钥 The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Press CTRL+C to abort. Input the bits of the modulus[default = 1024]: Generating Keys... ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++* [SW2]public-key local create rsa //生成rsa密钥配置 The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Press CTRL+C to abort. Input the bits of the modulus[default = 1024]: Generating Keys... ++++ ++++++++++++++++++++++++++ +++++++++++++ ++++++ [SW2]ssh user admin service-type stelnet authentication-type password //配置ssh用户admin的服务类型为stelnet,认证方式为password(此步骤可不配置) [SW2]local-user admin //创建新用户 New local user added. [SW2-luser-admin]password simple admin //配置密码 [SW2-luser-admin]service-type ssh //服务类型设置为ssh [SW2-luser-admin]authorization-attribute level 3 //服务等级为level3 [SW2-luser-admin]quit [SW2]acl number 2000 //配置acl允许192.168.1.0网段ssh登陆其他拒绝 [SW2-acl-basic-2000]rule 0 permit source 192.168.1.1 0.0.0.255 [SW2-acl-basic-2000]quit [SW2]ssh server enable //开启ssh服务 Info: Enable SSH server. [SW2]user-interface vty 0 4 //创建虚拟用户 [SW2-ui-vty0-4]authentication-mode scheme //验证为用户名密码验证 [SW2-ui-vty0-4]acl 2000 inbound //调用acl [SW2-ui-vty0-4]protocol inbound ssh 类型ssh [SW2-ui-vty0-4]quit
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
v7设备没问题 可以登录 v5那台有问题