No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Basic Configuration

S7700 and S9700 V200R010C00

This document describes methods to use command line interface and to log in to the device, file operations, and system startup configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring STelnet Login

Example for Configuring STelnet Login

Networking Requirements

Users may require secure remote login, but Telnet cannot provide a secure authentication method. To ensure remote login security, STelnet can be configured. As shown in Figure 5-13, the PC and SSH server are reachable to each other, and 10.137.217.203 is the IP address of the management interface on the SSH server. Configure a login user client001 on the SSH server. The PC uses the account client001 to log in to the SSH server through password authentication.

Figure 5-13  Networking diagram for configuring STelnet login

The STelnet V1 protocol has security vulnerabilities. It is recommended that you log in to the device using STelnet V2.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Install SSH server login software on the PC.

  2. Generate a local key pair on the SSH server to implement secure data exchange between the server and client.

  3. Create SSH user client001 on the SSH server.

  4. Enable the STelnet service on the SSH server.

  5. Set the service type of client001 to STelnet on the SSH server.

  6. Configure client001 to log in to the SSH server through STelnet.

Procedure

  1. Generate a local key pair for the SSH server.

    <HUAWEI> system-view
    [HUAWEI] sysname SSH_Server
    [SSH_Server] dsa local-key-pair create
    Info: The key name will be: HUAWEI_Host_DSA.                                                                                
    Info: The key modulus can be any one of the following : 1024, 2048.                                                            
    Info: If the key modulus is greater than 512, it may take a few minutes.        
    Please input the modulus [default=2048]:                                        
    Info: Generating keys...                                                        
    Info: Succeeded in creating the DSA host keys.

  2. Create an SSH user on the server.

    # Configure the VTY user interface.

    [SSH_Server] user-interface vty 0 14
    [SSH_Server-ui-vty0-14] authentication-mode aaa
    [SSH_Server-ui-vty0-14] protocol inbound ssh
    [SSH_Server-ui-vty0-14] quit

    # Create SSH user client001 and set the authentication mode to password authentication.

    [SSH_Server] aaa
    [SSH_Server-aaa] local-user client001 password irreversible-cipher Huawei@123
    [SSH_Server-aaa] local-user client001 privilege level 3
    [SSH_Server-aaa] local-user client001 service-type ssh
    [SSH_Server-aaa] quit
    [SSH_Server] ssh user client001 authentication-type password

  3. Enable the STelnet service on the SSH server.

    [SSH_Server] stelnet server enable

  4. Set the service type of client001 to STelnet on the SSH server.

    [SSH_Server] ssh user client001 service-type stelnet
    

  5. Verify the configuration.

    # Use the account client001 to log in to the SSH server through password authentication.

    # Log in to the device using PuTTY, enter the device's IP address, and select the SSH protocol.
    Figure 5-14  Logging in to the SSH server through PuTTY in password authentication mode

    # Click Open. In the displayed page, enter the user name and password and press Enter to log in to the SSH server. (The following information is for reference only.)

    login as: client001
    Sent username "client001"
    
    client001@10.137.217.203's password:
    
    Info: The max number of VTY users is 8, and the number
          of current VTY users on line is 5.
          The current login time is 2012-08-06 09:35:28+00:00.
    <SSH_Server>

Configuration Files

SSH_Server configuration file

#
sysname SSH_Server
#
aaa
 local-user client001 password irreversible-cipher $1a$aVW8S=aP=B<OWi1Bu'^R[=_!~oR*85r_nNY+kA(I}[TiLiVGR-i/'DFGAI-O$
 local-user client001 privilege level 3
 local-user client001 service-type ssh
#
stelnet server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type stelnet
#
user-interface vty 0 14
 authentication-mode aaa
#
return
Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141895

Views: 62005

Downloads: 219

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next