配置设备作为 STelnet 客户端登录其他设备示例
(适合华为交换机V200R020以及以后的版本如s5735-L24T4x-A1 2021年10月15日 )
步骤1 在服务器端生成本地密钥对
system-view
[HUAWEI] sysname SSH Server
[SSH Server] dsa local-key-pair create
Info: The key name will be: SSH Server_Host_DSA.
Info: The DSA host key named SSH Server_Host_DSA already exists.
Info: The key modulus can be any one of the following : 1024, 2048.
Info: If the key modulus is greater than 512, it may take a few minutes.
Please input the modulus [default=2048]:
Info: Generating keys…
Info: Succeeded in creating the DSA host keys.
步骤2 在服务器端创建SSH用户
[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound ssh
[SSH Server-ui-vty0-4] quit
● 创建SSH用户client001。
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password irreversible-cipher Example@123
[SSH Server-aaa] local-user client001 privilege level 3
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] quit
[SSH Server] ssh user client001
[SSH Server] ssh user client001 authentication-type password
步骤3 SSH服务器端开启STelnet服务功能
[SSH Server] stelnet server enable //使能STelnet服务器功能。V200R020及之后版本您还需要执行ssh server-source命令配置服务器端的源接口为10.1.1.1对应的接口,客户端才能通过10.1.1.1连接服务器。
[HUAWEI] http server-source -i MEth0/0/1(vlanif 1) //缺省情况下,设备默认将管理IP地址192.168.1.253配置
在管理网口或VLANIF1接口下,并将该接口设置为HTTP服务器端的源接口,且设备默认未指定HTTP服务器端的IPv6源地址。
Warning: The operation will reboot the HTTP server. Continue? [Y/N]:y
步骤4 配置SSH用户client001的服务方式为STelnet
[SSH Server] ssh user client001 service-type stelnet
步骤5 STelnet客户端连接SSH服务器
system-view
[HUAWEI] sysname client001
[client001] ssh client first time enable
步骤6 验证配置结果
在SSH服务器端执行display ssh server status命令可以查看到STelnet服务已经使能。
执行display ssh user-information命令可以查看服务器端SSH用户信息。
[SSH Server] display ssh server status
SSH version :2.0
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH authentication retries :3 times
SFTP server :Disable
Stelnet server :Enable
Scp server :Disable
SSH server source :0.0.0.0
ACL4 number :0
ACL6 number :0
[SSH Server] display ssh user-information
User 1:
User Name : client001
Authentication-type : password
User-public-key-name : -
User-public-key-type : -
Sftp-directory : -
Service-type : stelnet
Authorization-cmd : No
User 2:
User Name : client002
Authentication-type : dsa
User-public-key-name : dsakey001
User-public-key-type : dsa
Sftp-directory : -
Service-type : stelnet
Authorization-cmd : No
