交换机ssh典型配置案例

1、交换机SSH应用配置：网络连接：SSH终端与交换机建立本地连接，能ping通交换机即可。交换机及终端配置过程：在交换机上，SSH支持的认证方式有两种，分别为口令认证和RSA认证。此处采用的SSH客户 端为免费的putty程序。1、口令认证方式：交换机上的配置：Quidway rsa local-key-pair createQuidway user-interface vty 0 4Quidway-ui-vty0-4 authentication-mode schemeQuidway-ui-vty0-4 protocol inbound sshQuidway local-user ssh1Qu

2、idway-luser-ssh1 password simple huaweiQuidway-luser-ssh1 service-type sshQuidway ssh user ssh1 authentication-type password注：此时添加的ssh用户ssh1的级别为默认的级别1,如果想要管理交换机还需在交换机上配置super password ；也可以直接配置ssh1的级别为最高的level 3:Quidway-luser-ssh1 service-type ssh level 3客户端的配置：在Host Name处输入交换机的ip地址：交换机支持的SSH版本只能为1：在

3、下面的界面里面选择验证方式为SSH1 ,不选择验证参数:单击Open按钮，出现登陆提示框，输入用户名及密码即可:2、RSA认证方式：交换机的配置：Quidway local-user ssh2Quidway-luser-ssh2 service-type sshQuidway user-interface vty 0 4Quidway-ui-vty0-4 authentication-mode shemeQuidway-ui-vty0-4 protocol inbound sshQuidway ssh user ssh2 authentication-type RSAQuidway rsa p

4、eer-public-key rsaQuidway-rsa-public public-key-code beginQuidway-key-code 30818602 8180524E 0D488D01 6B5B8805 24287324 CBB9A613Quidway-key-code CE644155 84CC73E5 C2055B02 457A3A86 DA794B4A A2FBE8ABQuidway-key-code 3AC42F47 F2F58F38 369F8985 9A15B904 03829B62 31F0EDE2Quidway-key-code 8F275DC9 B48B1C

5、64 CCB504F0 9967B7A9 991DF16B 1846C71EQuidway-key-code 2B61E744 CF08F7A3 BC774148 D84F7681 CF5B112D 2F219ED5Quidway-key-code 9474DE71 E8C0A4FD 0C75073D F4210201 25Quidway-key-code public-key-code endQuidway-rsa-public peer-public-key endQuidway ssh user ssh2 assign rsa-key rsa客户端配置：首先使用一个PuTTY Key G

6、enerator的软件，生成公钥和私钥，再分别将两个密钥保存为本地文 件，名为rsa和 private:PuTTT Key GeneratorFile Key Conversions HelpKeyPuHic：key for pacing into authorized_keys：file:1023.37.57796459397532701238920719600335650757673237209301104241823902673196 0364237401235498796331121530006074313228656511376143053776719647039 2SS721979

7、4S344S4710214573057845310612304745514474S477717597781069 11117341704540670101951714912325401229177002319228464288410025394020ActionsGenerate a public/private.key pairLoad an existing private key fileSave the generated:keyParameters1Type of key to generate: SSH1 (RSAfOSH2RSANumber of bita. jn a gener

8、ated kev：OSSH2DSA1024由于生成的密钥是通用的格式，因此还需要将这些密钥转换成我司设备支持的格式， 软件将保存到本地的公钥文件rsa进行转换：使用sshkey再将转换后的RSA公钥配置到交换机上最后，打开PuTTY程序，前面的选项不变，同时要选择认证参数，打开本地保存的私钥文 件 private:点击Open按钮，在提示框中只需输入用户名ssh2即可:169, 254. U1 - PuTTT匚|旦|区login as: 38hSent usern；5Ltie rpsshrr|ssh 169 2 54 1 11 s passT-Tord:fr-fr-fr-fr-fr-fr-fr

9、-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr|All rights reserved (1997-2004)* *Wit.liuut the owner 1 s priou written consent.*宙 n口 decLiinpilinijr or reverse-engineer ing shall lue al lowed. *sy

10、sZnter system view, return to user view uith Ctr1+&.Quidwaydisp verHuawei Versatile Routing Platform Software|VRP (R) Software, Version 3,. 10 (iGN) , RELEASE 0009Copyright (c) 2000-2.004 HUAWEI TECH COLTD.Quidway S2O2 6Z-SI uptime is ueek, day, hour,20 minutesQuidway S2O2 6Z-SI uith SOM Arm? Proces

11、sor.3.2 Mbytes 5DRAMlSISSKbytes Flash MeitioryConfigRegister points to FLASH|Hardware Version is Ver.E：169,254. 1- L - PuTTYlogin as: ssh2pent um已rnam已 ppssh2 ”Tryinijr pi.iijlic key authenticati n.N passphrase requireci.,fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-

12、fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr|宰All rights reserved (1997-2004)古亨Without the owner * 1s prior written consent*I*no decompiling or reverse-engineering shal1 toe allowed.*,fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr

13、-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr-fr5UPassword:Now user privilege is 3 levels and just cottiiriands uhich leve 1 isequal to or less than this level can je used.Privileg已 note: U-VISIT, 1-MOMITOR, 2-SYSTEM, 3-MANAGEI a ysEnter system vieu return to user view with Ct.r 1 + Z.QuiclTiTay disp verHuawe i Vera a