为了确保设备的SSH安全登陆管理,需对SSH进行登录限制。
S6800版本信息如下:
H3C Comware Software, Version 7.1.045, Release 2418P05
Copyright (c) 2004-2015 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
H3C S6800-4C uptime is 239 weeks, 3 days, 6 hours, 18 minutes
Last reboot reason : USER reboot
配置ACL对SSH进行登录限制:
1、创建管理员账号,并赋予最高权限,仅允许SSH登录
[H3C]local-user admin
[H3C-luser-manage-admin]password simple admin
[H3C-luser-manage-admin]service-type ssh
[H3C-luser-manage-admin]authorization-attribute user-role network-admin
[H3C-luser-manage-admin]quit
2、开启SSH功能
[H3C]ssh server enable
3、在VTY调用本地用户登录
[H3C]line vty 0 4
[H3C-line-vty0-4]authentication-mode scheme
[H3C-line-vty0-4]protocol inbound ssh
[H3C-line-vty0-4]quit
4、创建ACL,仅允许管理员IP 192.168.124.7通过SSH登录交换机,其他IP无法登陆
[H3C]acl basic 2000
[H3C-acl-ipv4-basic-2000]rule 0 permit source 192.168.124.7 0
[H3C-acl-ipv4-basic-2000]quit
[H3C]ssh server acl 2000