
CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules. The description covers configuration examples and function configurations.
Configuring the Device as the Client to Log In to Another Device

A user can log in to another device on the network through Telnet or STelnet from the current device to manage and maintain the remote device.

Configuring the Device as the Telnet Client to Log In to Another Device

Pre-configuration Tasks

Before configuring the device as the Telnet client to log in to another device, complete the following tasks:

  • Logging in to the device from a terminal
  • Configuring a route between the device and Telnet server
  • Enabling the Telnet service on the Telnet server
  • Obtaining the Telnet user name, password, and port number configured on the Telnet server
Configuration Process
NOTE:

The Telnet protocol poses a security risk, and therefore the STelnet protocol is recommended.

Table 1-40 describes the tasks in the process of configuring the device as the Telnet client to log in to another device.

Table 1-40 Tasks in the process of configuring the device as the Telnet client to log in to another device

| No. | Task | Description | Remarks |
| --- | --- | --- | --- |
| 1 | (Optional) Configure the Telnet client source address | Configure the Telnet client source address. The source address can be set to a source IP address or source interface information, ensuring communication security. | - |
| 2 | Log in to another device through Telnet. | Use the Telnet command to log in to the device from a terminal. | - |

Procedure
  1. (Optional) Configure the source address of the Telnet client.
    Table 1-41 Configure the source address of the Telnet client

    | Action | Command | Description |
    | --- | --- | --- |
    | Enter the system view. | system-view | - |
    | Configure the Telnet client source address. | telnet client source { -a source-ip-address \| -i interface-type interface-number } | The Telnet client source address on the server must be the same as the address configured by running this command. |
    | Commit the configuration. | commit | - |
    | Return to user view. | quit | - |

  2. Log in to another device through Telnet.
    Table 1-42 Actions for logging in to another device through Telnet

    | Action | Command | Description |
    | --- | --- | --- |
    | Use the IPv4 address to log in to the server through Telnet. | telnet [ [ vpn-instance vpn-instance-name ] -a source-ip-address \| -i interface-type interface-number ] host-ip [ port-number ] | Perform either of the following steps depending on whether the network protocol is IPv4 or IPv6. The Telnet client can log in successfully with no port specified only when the server is listening on port 23. If the server is listening on another port, the port number must be specified upon login. |
    | Use the IPv6 address to log in to the server through Telnet. | telnet ipv6 host-ipv6 [ -oi interface-type interface-number ] [ port-number ] | |

Checking the Configuration
  • Run the display tcp status command to check all TCP connections.

Configuring the Device as the STelnet Client to Log In to Another Device

Pre-configuration Tasks

Before configuring the device as the STelnet client to log in to another device, complete the following tasks:

  • Logging in to the device from a terminal
  • Configuring a route between the device and STelnet server
  • Enabling the STelnet service on the STelnet server
  • Obtaining the SSH user information and port number configured on the STelnet server
Configuration Process
NOTE:

The STelnet V1 protocol poses a security risk, and therefore the STelnet V2 mode is recommended.

Table 1-43 describes the tasks in the process of configuring the device as the STelnet client to log in to another device.

Table 1-43 Tasks in the process of configuring the device as the STelnet client to log in to another device

| No. | Task | Description | Remarks |
| --- | --- | --- | --- |
| 1 | Generating a local key pair | Generate a local key pair and configure the public key on the SSH server. Perform this step only when the device logs in to the SSH server in RSA, DSA, or ECC authentication mode, not the password authentication mode. | Tasks 1, 2, and 3 can be performed in any sequence. |
| 2 | Configuring the mode for connecting the device to the SSH server for the first time | You can enable the first authentication function of the SSH client or configure the SSH client to assign a public key to the SSH server. | |
| 3 | Setting the SSH client parameters | Set the interval for sending keepalive packets on the SSH client and the maximum number of keepalive packets sent by the SSH client. | |
| 4 | Logging in to another device through STelnet. | Use the STelnet command to log in to the device from a terminal. | - |

Default Configuration
Table 1-44 Default values for configuring the device as the STelnet client to log in to another device

| Parameter | Default Setting |
| --- | --- |
| First authentication on the SSH client | Disabled |
| Whether the SSH client assigns the RSA, DSA, or ECC public key to the SSH server | No |

Procedure

  • Generating a local key pair

    NOTE:

    Perform this step only when the device logs in to the SSH server in RSA, DSA, or ECC authentication mode, not the password authentication mode.

    Table 1-45 Actions for generating a local key pair

    | Action | Command | Description |
    | --- | --- | --- |
    | Enter the system view. | system-view | - |
    | Generate a local key pair. | rsa local-key-pair create, dsa local-key-pair create, or ecc local-key-pair create | Perform one of the operations based on the key type. Run the display rsa local-key-pair public, display dsa local-key-pair public, or display ecc local-key-pair public command to view the public key in the local RSA, DSA, or ECC key pair. Configure the public key on the SSH server. |
    | Commit the configuration. | commit | - |

  • Configuring the mode for connecting the device to the SSH server for the first time

    If the public key of the SSH server has not been saved on the client, the system cannot check SSH server validity when the device that works as the client connects to the SSH server for the first time. The connection fails. Perform one of the following operations:

    • Enabling the first authentication mode on the SSH client: The system does not check the public key of the SSH server, which ensures that the first connection is successful. The system then assigns and saves the public key for subsequent authentication. For details, see Table 1-46. This configuration method is simple.
    • Configuring the SSH client to assign a public key to the SSH server: The public key generated on the server is saved on the client, which ensures that the SSH server validity check is successful for the first connection. For details, see Table 1-47. This configuration method is complex but has high security.

    Select either of the preceding configuration methods as required.

    Table 1-46 Actions for enabling first authentication for the SSH client

    | Action | Command | Description |
    | --- | --- | --- |
    | Enter the system view. | system-view | - |
    | Enable first authentication for the SSH client. | ssh client first-time enable | By default, first authentication is disabled on the SSH client. |
    | Commit the configuration. | commit | - |

    Table 1-47 Actions for configuring the SSH client to assign the RSA, DSA, or ECC public key to the SSH server

    | Action | Command | Description |
    | --- | --- | --- |
    | Enter the system view. | system-view | - |
    | Enter the RSA, DSA, or ECC public key view. | rsa peer-public-key key-name [ encoding-type { der \| openssh \| pem } ] or dsa peer-public-key key-name encoding-type { der \| openssh \| pem } or ecc peer-public-key key-name | Perform one of the operations based on the key type. |
    | Enter the public key editing view. | public-key-code begin | - |
    | Edit the public key. | hex-data | The public key must be a hexadecimal character string in the public key encoding format, and generated by the SSH server. After entering the public key editing view, you must enter on the client the RSA, DSA, or ECC public key that is generated on the server. |
    | Quit the public key editing view. | public-key-code end | If no public key code hex-data is entered, the public key cannot be generated after you run this command. If the specified key key-name has been deleted, the system displays a message indicating that the key does not exist and returns to the system view directly when you run this command. |
    | Return to the system view. | peer-public-key end | - |
    | Bind the RSA, DSA, or ECC public key to the SSH server. | ssh client server-ip-address assign { rsa-key \| dsa-key \| ecc-key } key-name | If the SSH server public key saved in the SSH client does not take effect, run the undo ssh client server-ip-address assign { rsa-key \| dsa-key \| ecc-key } command to cancel the binding between the SSH server and RSA, DSA, or ECC public key, and run this command to assign a new RSA, DSA, or ECC public key to the SSH server. |
    | Commit the configuration. | commit | - |

  • Setting the SSH client parameters

    If the SSH client does not receive any data packet from the server within a period, the client sends the maximum number of keepalive packets to the server. If the client does not receive any keepalive response packet from the server, the client disconnects from the server.

    Table 1-48 Actions for setting the SSH client parameters

    | Action | Command | Description |
    | --- | --- | --- |
    | Enter the system view. | system-view | - |
    | Set the interval for sending keepalive packets on the SSH client. | ssh client keepalive-interval seconds | If the client does not send any keepalive packet (the interval is 0), the maximum number of keepalive packets does not take effect. |
    | Set the maximum number of keepalive packets sent by the SSH client. | ssh client keepalive-maxcount count | |
    | Commit the configuration. | commit | - |

  • Logging in to another device through STelnet

    Table 1-49 Actions for logging in to another device through STelnet

    | Action | Command | Description |
    | --- | --- | --- |
    | Use the IPv4 address to log in to the SSH server through STelnet. | stelnet [ -a source-address \| -i interface-type interface-number ] host-ip [ port-number ] [ -vpn-instance vpn-instance-name \| prefer_kex kex-type \| prefer_ctos_cipher cipher-type \| prefer_stoc_cipher cipher-type \| prefer_ctos_hmac hmac-type \| prefer_stoc_hmac hmac-type \| prefer_ctos_compress zlib \| prefer_stoc_compress zlib \| -ki aliveinterval \| -kc alivecountmax \| identity-key { rsa \| dsa \| ecc } ] * | Run either of the commands based on the network address type. The STelnet client can log in successfully with no port specified only when the server is listening on port 22. If the server is listening on another port, the port number must be specified upon login. When logging in to the SSH server, the STelnet client can carry the source IP address and VPN instance name, select a key exchange algorithm, an encryption algorithm, a compression algorithm, and an HMAC algorithm, and configure the keepalive function. If the source interface is specified using -i interface-type interface-number, the -vpn-instance vpn-instance-name parameter is not supported. |
    | Use the IPv6 address to log in to the SSH server through STelnet. | stelnet ipv6 [ -a source-address ] host-ipv6 [ -oi interface-type interface-number ] [ port-number ] [ prefer_kex kex-type \| prefer_ctos_cipher cipher-type \| prefer_stoc_cipher cipher-type \| prefer_ctos_hmac hmac-type \| prefer_stoc_hmac hmac-type \| prefer_ctos_compress zlib \| prefer_stoc_compress zlib \| -ki aliveinterval \| -kc alivecountmax \| identity-key { rsa \| dsa \| ecc } ] * | |

Checking the Configuration

Run the display ssh server-info command to check the mapping between all SSH servers and public keys on the SSH client.
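
The same server-to-key mapping can be reviewed offline in a saved client configuration. The following Python audit is an added example, not part of the Huawei guide: it flags ssh client first-time enable and any ssh client ... assign binding whose peer public key is undefined or was left without hex-data. The configuration text is constructed, and its layout (commands stored as typed, hex-data on the lines between public-key-code begin and public-key-code end) is an assumption.

```python
import re

# Constructed sample (not from the guide, not real keys). Layout assumption:
# commands are stored as typed, hex-data sits between public-key-code begin/end.
SAMPLE_CONFIG = """\
ssh client first-time enable
rsa peer-public-key srv-a
 public-key-code begin
 30820109 02820100 C0FFEE00
 public-key-code end
 peer-public-key end
ecc peer-public-key srv-empty
 peer-public-key end
ssh client 192.0.2.10 assign rsa-key srv-a
ssh client 192.0.2.20 assign ecc-key srv-empty
ssh client 192.0.2.30 assign dsa-key srv-missing
"""

KEY_VIEW = re.compile(r"^(rsa|dsa|ecc) peer-public-key (\S+)")
ASSIGN = re.compile(r"^ssh client (\S+) assign (rsa|dsa|ecc)-key (\S+)$")
HEX_LINE = re.compile(r"^[0-9A-Fa-f]+( [0-9A-Fa-f]+)*$")

def audit_ssh_client(config):
    """Return findings on how the SSH client validates server public keys."""
    findings, keys, assigns = [], {}, []
    current, in_code = None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ssh client first-time enable":
            findings.append("first-time enable: server key is not checked on first connection")
        elif m := KEY_VIEW.match(line):
            current = (m.group(1), m.group(2))
            keys[current] = False  # becomes True once hex-data is seen
        elif line == "public-key-code begin":
            in_code = current is not None
        elif line == "public-key-code end":
            in_code = False
        elif line == "peer-public-key end":
            current, in_code = None, False
        elif in_code and HEX_LINE.match(line):
            keys[current] = True
        elif m := ASSIGN.match(line):
            assigns.append(m.groups())
    for ip, ktype, name in assigns:  # cross-check bindings against defined keys
        if (ktype, name) not in keys:
            findings.append(f"{ip}: no {ktype} peer-public-key named '{name}'")
        elif not keys[(ktype, name)]:
            findings.append(f"{ip}: {ktype} key '{name}' has no public-key-code")
    return findings
```

Calling audit_ssh_client(SAMPLE_CONFIG) returns three findings: the first-time setting, the empty key bound to 192.0.2.20, and the undefined key bound to 192.0.2.30.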

Updated: 2019-08-09

Document ID: EDOC1000041694
