周亚军 红宝书 案例 3 SSH远程管理协议

一、实验要求

SW1 作为SSH客户端，登录并管理 SSH服务器R1
1

现实中 是用运行putty 或者secureSRT的计算机作为客户端

配置要点

	 1、设置IP  ，实现设备间通讯 
	 2、开启ssh服务 
	 3、开启vty 0 4 设置用户级别
1
2
3

实验步骤

1、设置IP ，实现设备间通讯

[H3C]sysn R1
[R1]int g0/0
[R1-GigabitEthernet0/0]ip a  10.1.11.1 29
1
2
3

[H3C]SYS SW1
[SW1]int vlan 1
[SW1-Vlan-interface1]ip a 10.1.11.2 29
[SW1-Vlan-interface1]ping 10.1.11.2
Ping 10.1.11.2 (10.1.11.2): 56 data bytes, press CTRL_C to break
56 bytes from 10.1.11.2: icmp_seq=0 ttl=255 time=0.000 ms
56 bytes from 10.1.11.2: icmp_seq=1 ttl=255 time=0.000 ms
1
2
3
4
5
6
7

2、开启SSH服务 和vty 0 4 设置用户级别

[R1]ssh ser en
[R1]line vty 0 4
[R1-line-vty0-4]authentication-mode scheme
[R1-line-vty0-4]protocol inbound ssh #允许ssh登录
[R1-line-vty0-4]qu

[R1]local-user abc cl manage
[R1-luser-manage-abc]password simple 123456789a
[R1-luser-manage-abc]authorization-attribute user-role level-15
[R1-luser-manage-abc]service-type ssh

1
2
3
4
5
6
7
8
9
10
11

3、 验证

<SW1>ssh 10.1.11.1
Username: abc
Press CTRL+C to abort.
Connecting to 10.1.11.1 port 22.
The server is not authenticated. Continue? [Y/N]: y
Do you want to save the server public key? [Y/N]:y
abc@10.1.11.1's password:
Enter a character ~ and a dot to abort.

******************************************************************************
* Copyright (c) 2004-2021 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

<R1>sys
System View: return to User View with Ctrl+Z.
[R1]dis users
  Idx  Line     Idle       Time              Pid     Type
  0    CON 0    00:01:38   Nov 13 09:12:43   10958
+ 66   VTY 0    00:00:00   Nov 13 09:17:28   10972   SSH

Following are more details.
VTY 0   :
        User name: abc
        Location: 10.1.11.2
 +    : Current operation user.
 F    : Current operation user works in async mode.
[R1]

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

核心知识 - 开启SSH服务

1、vty 虚拟终端 virtual teletype terminal
2、0 4是指可以有5个用户会话同时连接，0,1,2,3,4
3、authentication-mode三种模式

none      远程维护登陆不需要密码
scheme    用户密码验证模式
password  密码验证
1
2
3

①scheme 用户密码验证模式

[SW1]ssh server enable
[SW1]line vty 0 4
[SW1-line-vty0-4]authentication-mode scheme
[SW1-line-vty0-4]qu

[SW1]local-user abc class  manage
[SW1-luser-manage-abc]password simple 123456789a #需要10位
[SW1-luser-manage-abc]authorization-attribute user-role level-15 #设置授权访问级别
[SW1-luser-manage-abc]service-type ssh  #设置访问服务类型为
1
2
3
4
5
6
7
8
9

疑问

[R1]ssh ser en
1

[R1]line vty 0 4
[R1-line-vty0-4]authentication-mode scheme
[R1-line-vty0-4]protocol inbound ssh #允许ssh登录
[R1-line-vty0-4]qu

[R1]local-user abc cl manage
[R1-luser-manage-abc]password simple 123456789a
[R1-luser-manage-abc]authorization-attribute user-role level-15#用户登记是否 要放到 line-vty 0 4
[R1-luser-manage-abc]service-type ssh

故障排查思路

通用命令累积

reset sa 恢复设备默认设置
reb 重启
un in en 关闭提示