Huawei eNSP Lab: SSH Remote Login Using RSA Key Exchange


2024-07-10 15:33 | Source: compiled from the web

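Lab topology:

Lab procedure:

1. AR1 simulates the client, and AR2 simulates the remote login server

2. Enable the SSH service on AR2 and configure an AAA local user

3. Exchange the Host keys of AR1 and AR2

4. Log in to AR2 remotely from AR1

Lab configuration:

First configure the IP addresses of AR1 and AR2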

[AR1]int GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.1.1 24

[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 192.168.1.2 24

Enable the SSH service on AR2 and configure the local AAA user

[AR2]stelnet server enable
[AR2]user-interface vty 0 4
[AR2-ui-vty0-4]authentication-mode aaa
[AR2-ui-vty0-4]protocol inbound ssh
[AR2-ui-vty0-4]quit
[AR2]aaa
[AR2-aaa]local-user jjh password cipher 123
[AR2-aaa]local-user jjh service-type ssh
[AR2-aaa]local-user jjh privilege level 13

Create the local key pair on AR1 and AR2

[AR1]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:512
Generating keys...
........................++++++++++++
...........++++++++++++
.....++++++++
......++++++++

[AR2]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:512
Generating keys...
........................++++++++++++
...........++++++++++++
.....++++++++
......++++++++

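Display and copy the Host key of AR1 and of AR2 (everything from 3047 through 010001; the output lists both a Host key and a Server key, so look carefully and do not pick the wrong one)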

[AR1]dis rsa local-key-pair public
=====================================================
Time of Key pair created: 2024-04-04 10:02:15-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
  0240
    CE7B3444 08289AFC 692BCF29 81C1CA0A E6B65115
    8F5EEDE9 212B48ED 5D21B4E8 3C44DC57 D59B6BC6
    845A7BA8 3F7DF5B2 9C7CD9E4 CA9192DE 7090A124
    151DBA69
  0203
    010001

[AR2]dis rsa local-key-pair public
=====================================================
Time of Key pair created: 2007-08-25 16:35:02-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
  0240
    C974420D DD712C58 36A67819 362FEB9C 9C17E326
    24101B32 C272F9C9 E3CD06EB C2C73F7C BC89A0E0
    994995EF 7885F359 57B25237 3D441556 A050F823
    6087E121
  0203
    010001

AR1 and AR2 each import the other's public key

[AR1]rsa peer-public-key ar2
[AR1-rsa-public-key]public-key-code begin
[AR1-rsa-key-code]3047
[AR1-rsa-key-code]
[AR1-rsa-key-code] 0240
[AR1-rsa-key-code]
[AR1-rsa-key-code] C974420D DD712C58 36A67819 362FEB9C 9C17E326
[AR1-rsa-key-code]
[AR1-rsa-key-code] 24101B32 C272F9C9 E3CD06EB C2C73F7C BC89A0E0
[AR1-rsa-key-code]
[AR1-rsa-key-code] 994995EF 7885F359 57B25237 3D441556 A050F823
[AR1-rsa-key-code]
[AR1-rsa-key-code] 6087E121
[AR1-rsa-key-code]
[AR1-rsa-key-code] 0203
[AR1-rsa-key-code]
[AR1-rsa-key-code] 010001
[AR1-rsa-key-code]public-key-code end
[AR1-rsa-public-key]peer-public-key end

[AR2]rsa peer-public-key ar1
[AR2-rsa-public-key]public-key-code begin
[AR2-rsa-key-code]3047
[AR2-rsa-key-code]
[AR2-rsa-key-code] 0240
[AR2-rsa-key-code]
[AR2-rsa-key-code] CE7B3444 08289AFC 692BCF29 81C1CA0A E6B65115
[AR2-rsa-key-code]
[AR2-rsa-key-code] 8F5EEDE9 212B48ED 5D21B4E8 3C44DC57 D59B6BC6
[AR2-rsa-key-code]
[AR2-rsa-key-code] 845A7BA8 3F7DF5B2 9C7CD9E4 CA9192DE 7090A124
[AR2-rsa-key-code]
[AR2-rsa-key-code] 151DBA69
[AR2-rsa-key-code]
[AR2-rsa-key-code] 0203
[AR2-rsa-key-code]
[AR2-rsa-key-code] 010001
[AR2-rsa-key-code]public-key-code end
[AR2-rsa-public-key]peer-public-key end
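
Added example, not part of the original post and not Huawei tooling: the key code above is an ASN.1-style SEQUENCE of two INTEGERs (modulus and public exponent), so the text pasted into rsa peer-public-key can be decoded offline to catch a dropped word, confirm the modulus size, and produce a hash to compare against the peer's own display output. MIN_BITS, the function names and the SHA-256 comparison value are assumptions of this example; the 512-bit modulus selected in this lab is far below what is safe outside a simulator.

```python
import hashlib

# Key codes copied from the "dis rsa local-key-pair public" output on this page.
AR1_HOST = """3047 0240 CE7B3444 08289AFC 692BCF29 81C1CA0A E6B65115 8F5EEDE9
212B48ED 5D21B4E8 3C44DC57 D59B6BC6 845A7BA8 3F7DF5B2 9C7CD9E4 CA9192DE
7090A124 151DBA69 0203 010001"""
AR2_HOST = """3047 0240 C974420D DD712C58 36A67819 362FEB9C 9C17E326 24101B32
C272F9C9 E3CD06EB C2C73F7C BC89A0E0 994995EF 7885F359 57B25237 3D441556
A050F823 6087E121 0203 010001"""

MIN_BITS = 2048  # assumption: smallest modulus this check accepts


def read_tlv(buf, pos, tag):
    """Read one tag-length-value element; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        count = length & 0x7F
        if not 1 <= count <= 4 or pos + count > len(buf):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("element runs past end of key code (missing word?)")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Decode a pasted key code: SEQUENCE { INTEGER modulus, INTEGER exponent }."""
    der = bytes.fromhex("".join(text.split()))  # whitespace layout is ignored
    seq, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("extra bytes after the key")
    n_raw, pos = read_tlv(seq, 0, 0x02)
    e_raw, pos = read_tlv(seq, pos, 0x02)
    if pos != len(seq):
        raise ValueError("unexpected data inside the key")
    # On this page the modulus is printed without a leading 00, so read it unsigned.
    bits = int.from_bytes(n_raw, "big").bit_length()
    return {"bits": bits, "exponent": int.from_bytes(e_raw, "big"),
            "weak": bits < MIN_BITS, "sha256": hashlib.sha256(der).hexdigest()}


if __name__ == "__main__":
    for name, code in (("AR1", AR1_HOST), ("AR2", AR2_HOST)):
        print(name, parse_key_code(code))
```

The sha256 value is only a local comparison aid for the two copies of the key code; it is not the fingerprint format printed by SSH clients.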

Assign the key to the SSH user and select the authentication type

[AR2]ssh user jjh assign rsa-key ar1
[AR2]ssh user jjh authentication-type rsa

AR1 can now log in to AR2 remotely using the key

[AR1]ssh client first-time enable
[AR1]stelnet 192.168.1.2
Please input the username:jjh
Trying 192.168.1.2 ...
Press CTRL+K to abort
Connected to 192.168.1.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 192.168.1.2. Please wait...

The other SSH method, logging in with a username and password, is covered in the second article published on my profile page.


