因为telnet缺少安全的认证方式 在传输过程中采用tcp明文传输 存在安全隐患。所以出现了stelnet(secure telnet的简称)可以在一个传统不安全的网络中 server通过对client的认证和双向数据加密,为网络提供安全的telnet服务

实验:用路由器r1模拟pc 作为client。路由器r2作为server。模拟r1远程登陆r2.通过password认证来实现

华为ensp模拟器怎么设置(华为ensp模拟器实验笔记)(1)

r2配置如下:

<Huawei>

May 6 2018 12:36:00-08:00 Huawei %IFPDT/4/IF_STATE(l)[0]:Interface GigabitEt

hernet0/0/0 has turned into UP state.

<Huawei>sy

Enter system view, return user view with Ctrl Z.

[Huawei]sysname server 修改设备名称

[server]rsa loc

[server]rsa local-key-pair c

[server]rsa local-key-pair create 生成rsa主机密钥

The key name will be: Host

% RSA keys defined for Host already exist.

Confirm to replace them? (y/n)[n]:y

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

It will take a few minutes.

Input the bits in the modulus[default = 512]:y

% Invalid number, the range is (512 ~ 2048).

[server]ste

[server]stelnet serv

[server]stelnet server en

[server]stelnet server enable ssh设备默认是关闭的所以需要开启

Info: Succeeded in starting the STELNET server.

[server]user

[server]user-group

[server]user-interface vty 0 4 进入接口

[server-ui-vty0-4]auth

[server-ui-vty0-4]authentication-mode aaa

[server-ui-vty0-4]pro

[server-ui-vty0-4]protocol in

[server-ui-vty0-4]protocol inbound ssh 设置使用ssh 默认关闭telnet

[server-ui-vty0-4]q

[server]aaa

[server-aaa]loc

[server-aaa]local-user admin pass

[server-aaa]local-user admin password cip

[server-aaa]local-user admin password cipher hello

[server-aaa]local-user admin password cipher hello pri

[server-aaa]local-user admin password cipher hello privilege lev

[server-aaa]local-user admin password cipher hello privilege level 3 设置用户名 密码 级别

[server-aaa]loc

[server-aaa]local-user admin ser

[server-aaa]local-user admin service-type ssh 将aaa下的模式设置为ssh

[server-aaa]q

[server]ssh user admin auth

[server]ssh user admin authentication-type pass

[server]ssh user admin authentication-type password 设置用户验证方式为password

Authentication type setted, and will be in effect next time

[server]int g0/0/0

[server-GigabitEthernet0/0/0]ip add 10.1.1.254 24

[server-GigabitEthernet0/0/0]

May 6 2018 12:38:42-08:00 server %IFNET/4/LINK_STATE(l)[1]:The line protocol

IP on the interface GigabitEthernet0/0/0 has entered the UP state.

[server-GigabitEthernet0/0/0]q

[server]

[server]

May 6 2018 12:43:50-08:00 server %IFPDT/4/IF_STATE(l)[5]:Interface GigabitEt

hernet0/0/0 has turned into DOWN state.

[server]

r1配置:

<Huawei>sy

Enter system view, return user view with Ctrl Z.

[Huawei]sysname client

[client]ssh client fi

[client]ssh client first-time en

[client]ssh client first-time enable 开启ssh用户认证

[client]int g0/0/0

[client-GigabitEthernet0/0/0]ip add 10.1.1.1 24

May 6 2018 12:39:36-08:00 client %IFNET/4/LINK_STATE(l)[0]:The line protocol

IP on the interface GigabitEthernet0/0/0 has entered the UP state.

[client-GigabitEthernet0/0/0]q

配置完成后进行验证 在r1上stelnet 10.1.1.254

[Huawei]sysname client

[client]ste

[client]stelnet 10.1.1.254

Please input the username:admin

Trying 10.1.1.254 ...

Press CTRL K to abort

Connected to 10.1.1.254 ...

Enter password:

-----------------------------------------------------------------------------

User last login information:

-----------------------------------------------------------------------------

Access Type: SSH

IP-Address : 10.1.1.1 ssh

Time : 2018-05-06 13:07:21-08:00

-----------------------------------------------------------------------------

<server>sy

Enter system view, return user view with Ctrl Z.

[server]

,