全部博文(1015)
分类:
2011-08-17 21:36:06
1] 生成RSA及DSA密钥对,并启动SSH服务器。
[Router] public-key local create rsa
[Router] public-key local create dsa
[Router] ssh server enable
2] 配置接口Ethernet1/1的IP地址,客户端将通过该地址连接SSH服务器。
[Router] interface GigabitEthernet0/3
[Router-GigabitEthernet0/3] ip address 172.21.33.253 255.255.255.128
[Router-GigabitEthernet0/3] quit
3] 设置SSH客户端登录用户界面的认证方式为AAA认证。
[Router] user-interface vty 0 4
[Router-ui-vty0-4] authentication-mode scheme
[Router-ui-vty0-4] protocol inbound ssh
[Router-ui-vty0-4] quit
# 创建本地用户client001,并设置用户访问的命令级别为3。
[Router] local-user ssh01
[Router-luser-ssh01] password cihper xxxxx
[Router-luser-ssh01] service-type ssh
[Router-luser-ssh01] authorization-attribute level 3
[Router-luser-ssh01] quit
附:H3C MSR5006配置
#
version 5.20, Release 1809P01
#
sysname Router
#
super password level 3 cipher V0T^_X)GN+OQ=^Q`MAF4<1!!
#
domain default enable system
#
dar p2p signature-file flash:/p2p_default.mtd
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
---- More ---- [16D [16D authorization-attribute level 3
service-type telnet
local-user ssh01
password cipher ,-Z#Q
service-type ssh
#
interface Aux0
async mode flow
link-protocol ppp
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
#
interface GigabitEthernet0/2
port link-mode route
#
interface GigabitEthernet0/3
---- More ---- [16D [16D port link-mode route
ip address 172.21.33.253 255.255.255.128
#
interface GigabitEthernet0/0
port link-mode bridge
#
ssh server enable
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
protocol inbound ssh
#
return
[Router]