No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Troubleshooting Guide

CloudEngine 16800, 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Configure Stelnet-based Login?

How Do I Configure Stelnet-based Login?

To log in to a device through STelnet, you need to configure the user authentication mode. Currently, the device supports the following authentication modes: RSA, password, password-RSA, DSA, password-DSA, ECC, password-ecc, and all. The following describes how to configure password and RSA authentication modes for STelnet-based login.

Networking Description

As shown in Figure 22-83, the device functions as an SSH server and has reachable routes to PC1 and PC2, and the management IP address of the SSH server is 10.137.217.203. Two login users client001 and client002 need to be configured on the SSH server. PC1 uses client001 to log in to the SSH server through password authentication; PC2 uses client002 to log in to the SSH server through RSA authentication.

Figure 22-83 Networking diagram for logging in to the device through STelnet

Precautions

Note the following when configuring STelnet-based login:

  • The STelnet V1 protocol poses a security risk, and therefore STelnet V2 is recommended.
  • Before configuring STelnet-based login, install the SSH server login software on PC1, and install the key pair generation software, public key conversion software, and SSH server login software on PC2. This example uses the third-party software PuTTY as the SSH server login software.

Procedure

  1. Generate a local key pair on the SSH server.

    <HUAWEI> system-view
    [~HUAWEI] sysname SSH Server
    [*HUAWEI] commit
    [~SSH Server] rsa local-key-pair create   //Generate the local RSA host and server key pairs.
    The key name will be: SSH Server_Host
    The range of public key size is (512 ~ 2048).
    NOTE: Key pair generation will take a short while.
    Input the bits in the modulus [default = 2048] : 2048   //For device security purposes, you are advised to use the default value. In versions from V200R001C00 to V200R019C00, only 2048 bits are supported, and you do not need to enter the value. 
    [*SSH Server] commit
  2. Create SSH users on the server.

    # Configure the VTY user interface.

    [~SSH Server] user-interface vty 0 4   //Enter the view of the VTY 0 to VTY 4 user interfaces.
    [~SSH Server-ui-vty0-4] authentication-mode aaa   //Set the authentication mode of the login user interface to AAA.
    [*SSH Server-ui-vty0-4] user privilege level 3   //Set the user level to 3.
    [*SSH Server-ui-vty0-4] protocol inbound ssh   //Configure the VTY user interface to support SSH.
    [*SSH Server-ui-vty0-4] quit

    # Create the SSH user client001 and set the authentication mode of the user to password authentication.

    [*SSH Server] aaa
    [*SSH Server-aaa] local-user client001 password irreversible-cipher Huawei@123   //Configure the local user name and password.
    [*SSH Server-aaa] local-user client001 level 3   //Set the local user level to 3.
    [*SSH Server-aaa] local-user client001 service-type ssh   //Set the service type of local users to SSH.
    [*SSH Server-aaa] quit
    [*SSH Server] ssh user client001 authentication-type password   //Set the authentication mode for the SSH user client001 to password authentication.

    # Create another SSH user named client002 and configure related information for the user.

    1. Create an SSH user named client002 and configure the RSA authentication mode for the user.
      [*SSH Server] ssh user client002 authentication-type rsa   //Set the authentication mode for the SSH user client002 to RSA authentication.
      [*SSH Server] ssh authorization-type default root
    2. Run puttygen.exe on PC2. It is used to generate the public and private key files.

      Select RSA and click Generate. By moving the cursor in the blank area to generate the key.
      Figure 22-84 PuTTY Key Generator page (1)
      Figure 22-85 PuTTY Key Generator page (2)
      After the key pair is generated, enter the password in the Key passphrase text box and enter the password again in the Confirm passphrase text box. This password is used for the SSH terminal user to log in to the SSH server. Click Save private key, enter private.ppk for the name of the private key file, and click Save. Copy the generated public key to the Notepad and name it public.txt.
      Figure 22-86 PuTTY Key Generator page (3)
    3. On the SSH server, enter the RSA public key generated on PC2.
      [*SSH Server] rsa peer-public-key rsakey001 encoding-type openssh   //Enter the RSA public key view.
      [*SSH Server-rsa-public-key] public-key-code begin   //Enter the RSA public key editing view.
      [*SSH Server-rsa-public-key-rsa-key-code] ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAxHbcqV6
      qqnb1+jQQ0qFLptxWS1xRFfDe6DuMaX2eRUCx3fp2eBA1bgUfHd7eCO05CfHfC443oNBwlj/39Obi8kS
      RIQSlXOU1KIP8DNYtwU/N23p/YDHzbgOVvN6dSr+Ua2Er7m2Hehzdo2XoGuWokqhnuMpA7O7zykXs7rM
      6tdf+hh/992o6GHBD9IbJe9mG6WoAmDkBmedXzBqJeeGb2wbGg9hBTIgVQqZNhthGcVlLUlPJlZQi1ZO
      L3C/cVIOXqnVOqqxHk6nlWcMRo0PxOAegtyzsBETnvcEO2xVw6zF0WVFvU60C99THB+GpuHuRdWzvUNC
      ZpsjmCwkg+4RFGQ== rsa-key-20190422
      [*SSH Server-rsa-public-key-rsa-key-code] public-key-code end   //Exit from the RSA public key editing view.
      [*SSH Server-rsa-public-key] peer-public-key end   //Exit from the RSA public key view.
    4. On the SSH server, bind the RSA public key to the SSH user client002.
      [*SSH Server] ssh user client002 assign rsa-key rsakey001
      [*SSH Server] commit
  3. Enable the STelnet server function on the SSH server.

    [~SSH Server] stelnet server enable
    [*SSH Server] commit
  4. Configure the STelnet service type for client001 and client002.

    [~SSH Server] ssh user client001 service-type stelnet
    [*SSH Server] ssh user client002 service-type stelnet
    [*SSH Server] commit

Verifying the Configuration

After the configuration is completed, use the PuTTY software on the PC to log in to the SSH server. (The output information may vary according to version. Therefore, the output information on your device may be different from that provided in this example.)

  • Log in to the SSH server as the client001 user from PC1 in password authentication mode.

    # Use the PuTTY software to log in to the device, enter the device IP address, and select the SSH protocol.

    Figure 22-87 PuTTY Configuration page - password authentication mode

    # Click Open. On the displayed page, enter the user name client001 and password Huawei@123, then press Enter to log in to the SSH server.

    login as: client001
    Sent username "client001"
    client001@10.137.217.203's password:
    
    Info: The max number of VTY users is 21, the number of current VTY users online is 2, and total number of terminal users online is 2.
          The current login time is 2012-08-04 20:09:11+00:00.
          First login successfully.
    <SSH Server>
  • Log in to the SSH server as the client002 user from PC2 in RSA authentication mode.

    # Use the PuTTY software to log in to the device, enter the device IP address, and select the SSH protocol.

    Figure 22-88 PuTTY Configuration page - RSA authentication mode (1)

    # Choose Connection > SSH in the navigation tree. The page shown in Figure 7 is displayed. Select 2 under Preferred SSH protocol version.

    Figure 22-89 PuTTY Configuration page - RSA authentication mode (2)

    # Choose Connection > SSH > Auth in the navigation tree. The page shown in Figure 8 is displayed. Select the private.ppk file corresponding to the public key configured on the server.

    Figure 22-90 PuTTY Configuration page - RSA authentication mode (3)

    # Click Open. On the displayed page, enter the user name client002, then press Enter to log in to the SSH server.
    login as: client002
    Authenticating with public key "rsa-key"
    
    Info: The max number of VTY users is 5, the number of current VTY users online is 2, and total number of terminal users online is 2.
          The current login time is 2012-08-06 04:30:23+00:00.
          First login successfully.
    <SSH Server>
Translation
Download
Updated: 2020-01-07

Document ID: EDOC1000060766

Views: 604655

Downloads: 2938

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next