配置Router作为SSH服务器
1] 生成RSA及DSA密钥对,并启动SSH服务器。
[Router] public-key local create rsa [Router] public-key local create dsa [Router] ssh server enable 2] 配置接口Ethernet1/1的IP地址,客户端将通过该地址连接SSH服务器。 [Router] interface GigabitEthernet0/3 [Router-GigabitEthernet0/3] ip address 172.21.33.253 255.255.255.128 [Router-GigabitEthernet0/3] quit 3] 设置SSH客户端登录用户界面的认证方式为AAA认证。 [Router] user-interface vty 0 4 [Router-ui-vty0-4] authentication-mode scheme [Router-ui-vty0-4] protocol inbound ssh [Router-ui-vty0-4] quit # 创建本地用户client001,并设置用户访问的命令级别为3。 [Router] local-user ssh01 [Router-luser-ssh01] password cihper xxxxx [Router-luser-ssh01] service-type ssh [Router-luser-ssh01] authorization-attribute level 3 [Router-luser-ssh01] quit 附:H3C MSR5006配置 # version 5.20, Release 1809P01 # sysname Router # super password level 3 cipher V0T^_X)GN+OQ=^Q`MAF4<1!! # domain default enable system # dar p2p signature-file flash:/p2p_default.mtd # vlan 1 # domain system access-limit disable state active idle-cut disable self-service-url disable # user-group system # local-user admin password cipher .]@USE=B,53Q=^Q`MAF4<1!! ---- More ---- [16D [16D authorization-attribute level 3 service-type telnet local-user ssh01 password cipher ,-Z#Q service-type ssh # interface Aux0 async mode flow link-protocol ppp # interface NULL0 # interface Vlan-interface1 ip address 192.168.1.1 255.255.255.0 # interface GigabitEthernet0/1 port link-mode route # interface GigabitEthernet0/2 port link-mode route # interface GigabitEthernet0/3 ---- More ---- [16D [16D port link-mode route ip address 172.21.33.253 255.255.255.128 # interface GigabitEthernet0/0 port link-mode bridge # ssh server enable # load xml-configuration # load tr069-configuration # user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme user privilege level 3 protocol inbound ssh # return
