Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Configuration Examples

Example for Logging In to the Device Through a Console Port

Networking Requirements

When you cannot remotely log in to the device, you can perform local login through a console port. If you log in to the device through a console port, only password authentication is required. To improve security, use AAA on the console user interface.

Figure 3-9  Networking diagram of user login through a console port

Configuration Roadmap

The configuration roadmap is as follows:

  1. Use the terminal simulation software to log in to the device through a console port.
  2. Configure the authentication mode of the console user interface.

Procedure

  1. Use the terminal simulation software to log in to the device through a console port.

    1. Insert the DB9 connector of the console cable into the 9-pin serial port on the PC, and insert the RJ45 connector into the console port of the device, as shown in Figure 3-10.

      Figure 3-10  Connecting to the device through the console port

    2. Start the terminal simulation software on the PC. Establish a connection, and set the connected port and communication parameters.

      NOTE:

      A PC may have multiple connection ports; therefore, the port connected through the console cable is selected in this example. Generally, COM1 is selected.

      If the serial port communication parameters of the device are modified, modify the communication parameters on the PC accordingly (ensure that the parameter values are the same) and re-establish the connection.

    3. Press Enter until the system prompts you to enter the password. (The system will prompt you to enter the user name and password in AAA authentication. The following information is only for reference.)

      Login authentication
      
      Password:
      Info: Current mode: Fat (working independently).
      

      You can run commands to configure the device. Enter a question mark (?) whenever you need help.

  2. Configure the authentication mode of the console user interface.

    <Huawei> system-view
    [Huawei] user-interface console 0
    [Huawei-ui-console0] authentication-mode aaa
    [Huawei-ui-console0] user privilege level 15
    [Huawei-ui-console0] quit
    [Huawei] aaa
    [Huawei-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789
    [Huawei-aaa] local-user admin1234 privilege level 3
    [Huawei-aaa] local-user admin1234 service-type terminal

    After the preceding operations, you can re-log in to the device on the console user interface only by entering the user name admin1234 and password Helloworld@6789.

Configuration Files
#
aaa
 local-user admin1234 password irreversible-cipher %^%#2nG6Zv%ZK2-LG"#cjRR(2Xx.":<\,'|V/AZlS"Q<]UV!JWM:=Hl`gJTX:cm%%^%#
 local-user admin1234 privilege level 3
 local-user admin1234 service-type terminal
#
user-interface con 0
 authentication-mode aaa
#
return

Example for Logging In to the Device Through Telnet

Networking Requirements

As shown in Figure 3-11, the PC and the server (Huawei device) can reach each other. To allow easy remote configuration and management of the device, configure AAA authentication for Telnet users on the server and configure a security policy that allows only the administrator to log in to the device.

Figure 3-11  Networking diagram of logging in to the device through Telnet

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure the Telnet login mode to implement remote network device maintenance.

  2. Configure the administrator's user name and password and the AAA authentication mode to ensure that only the administrator can log in to the device.

  3. Configure a security policy to ensure that only the administrator's PC can be used to log in to the device.

Procedure

  1. Set the server listening port number and enable the server function.

    <Huawei> system-view
    [Huawei] sysname Telnet Server
    [Telnet Server] telnet server enable
    [Telnet Server] telnet server port 1025

  2. Set the VTY user interface parameters.

    # Set the maximum number of VTY user interfaces.

    [Telnet Server] user-interface maximum-vty 8

    # Set the source IP address from which users are allowed to log in to the device.

    [Telnet Server] acl 2001
    [Telnet Server-acl-basic-2001] rule permit source 10.1.1.1 0
    [Telnet Server-acl-basic-2001] quit
    [Telnet Server] user-interface vty 0 7
    [Telnet Server-ui-vty0-7] protocol inbound all
    [Telnet Server-ui-vty0-7] acl 2001 inbound

    # Configure the terminal attributes of the VTY user interface.

    [Telnet Server-ui-vty0-7] shell
    [Telnet Server-ui-vty0-7] idle-timeout 20
    [Telnet Server-ui-vty0-7] screen-length 30
    [Telnet Server-ui-vty0-7] history-command max-size 20

    # Configure the user authentication mode of the VTY user interface.

    [Telnet Server-ui-vty0-7] authentication-mode aaa
    [Telnet Server-ui-vty0-7] quit

  3. Configure the login user information.

    # Configure the login authentication mode.

    [Telnet Server] aaa
    [Telnet Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789
    [Telnet Server-aaa] local-user admin1234 service-type telnet
    [Telnet Server-aaa] local-user admin1234 privilege level 3
    [Telnet Server-aaa] quit

  4. Configure the client login.

    Enter commands at the command line prompt to log in to the device through Telnet.

    C:\Documents and Settings\Administrator> telnet 10.137.217.177 1025

    Press Enter, and enter the user name and password in the login window. If the authentication is successful, the command line prompt of the user view is displayed.

    Login authentication
    
    Username:admin1234
    Password:
    Info: Current mode: Fat (working independently).
    <Telnet Server>

Configuration Files

Telnet server configuration file

#
 sysname Telnet Server
#
telnet server port 1025
#
acl number 2001
 rule 5 permit source 10.1.1.1 0
#
aaa
 local-user admin1234 password irreversible-cipher %^%#2nG6Zv%ZK2-LG"#cjRR(2Xx.":<\,'|V/AZlS"Q<]UV!JWM:=Hl`gJTX:cm%%^%#
 local-user admin1234 privilege level 3
 local-user admin1234 service-type telnet
#
user-interface maximum-vty 8
user-interface vty 0 7
 acl 2001 inbound
 authentication-mode aaa
 history-command max-size 20
 idle-timeout 20 0
 screen-length 30
 protocol inbound all
#
return

Example for Logging In to the Device Through STelnet

Networking Requirements

As shown in Figure 3-12, users require secure remote login, but Telnet cannot provide a secure authentication method. In this scenario, STelnet can be configured to ensure security of remote login. 10.137.217.203 is the IP address of the management interface on the SSH server. Two login users client001 and client002 need to be configured on the SSH server. PC1 uses the account of client001 to log in to the SSH server through password authentication; PC2 uses the account of client002 to log in to the SSH server through RSA authentication.

Figure 3-12  Networking diagram of logging in to the device through STelnet

Configuration Roadmap

The configuration roadmap is as follows:

  1. Install the SSH server software on PC1. Install the key pair generation software, public key conversion software, and SSH server login software on PC2.

  2. Generate a local key pair on the SSH server to implement secure data exchange between the server and client.

  3. Configure different authentication modes for the SSH users client001 and client002 on the SSH server.

  4. Enable the STelnet service on the SSH server.

  5. Configure the STelnet server type for the SSH users client001 and client002 on the SSH server.

  6. Log in to the SSH server as the client001 and client002 users through STelnet.

Procedure

  1. Generate a local key pair on the server.

    <Huawei> system-view
    [Huawei] sysname SSH Server
    [SSH Server] rsa local-key-pair create
    The key name will be: Host
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
           It will take a few minutes.
    Input the bits in the modulus[default = 2048]:2048
    Generating keys...
    ........++++++++
    ..++++++++
    ............+++++++++
    ......+++++++++
    
    

  2. Create an SSH user on the server.

    NOTE:

    There are four authentication modes for an SSH user: password, RSA, password-RSA, and all.

    • If the authentication mode is password or password-RSA, configure a local user on the server with the same user name.

    • If the authentication mode is RSA, password-RSA, or all, save the RSA public key generated on the SSH client to the server.

    # Configure the VTY user interface.

    [SSH Server] user-interface vty 0 4
    [SSH Server-ui-vty0-4] authentication-mode aaa
    [SSH Server-ui-vty0-4] protocol inbound all
    [SSH Server-ui-vty0-4] user privilege level 5
    [SSH Server-ui-vty0-4] quit
    • Create an SSH user named client001.

      # Create an SSH user named client001 and configure the password authentication mode for the user. Set the password of the client001 user to huawei@123.

      [SSH Server] aaa
      [SSH Server-aaa] local-user client001 password irreversible-cipher huawei@123
      [SSH Server-aaa] local-user client001 privilege level 3
      [SSH Server-aaa] local-user client001 service-type ssh
      [SSH Server-aaa] quit
      [SSH Server] ssh user client001 authentication-type password
    • Create an SSH user named client002.

      # Create an SSH user named client002 and configure the RSA authentication mode for the user.

      [SSH Server] aaa
      [SSH Server-aaa] local-user client002 password irreversible-cipher Huawei@2012
      [SSH Server-aaa] local-user client002 privilege level 3
      [SSH Server-aaa] local-user client002 service-type ssh
      [SSH Server-aaa] quit
      [SSH Server] ssh user client002 authentication-type rsa

      # Generate a local key pair of the client on PC2.

      NOTE:
      The third-party software PuTTY and PuTTYgen are used as an example here. You can download PuTTY and PuTTYgen from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
      1. Run puttygen.exe on the client. It is used to generate the public and private key files.

        Select SSH2 RSA and click Generate. By moving the cursor in the blank area, you can find that the key is being generated.

        Figure 3-13  PuTTY Key Generate page (1)

        After the key is generated, click Save public key to save the key in the key.pub file.

        Figure 3-14  PuTTY Key Generate page (2)

        Click Save private key. The PuTTYgen Warning dialog box is displayed. Click Yes. The private key is saved in the private.ppk file.

        Figure 3-15  PuTTY Key Generate page (3)

      2. Run sshkey.exe on the client. Convert the generated public key to the character string required for the device.

        Open the key.pub file required by SSH that is generated in the previous step.

        Figure 3-16  ssh key converter page (1)

        Click Convert(C). You can see the public keys before and after conversion.

        Figure 3-17  ssh key converter page (2)

      # Enter the RSA public key generated on PC2 to the SSH server.
      [SSH Server] rsa peer-public-key rsakey001
      [SSH Server-rsa-public-key] public-key-code begin
      [SSH Server-rsa-key-code] 30818702 818100CD 1ACDD096 5E779319 F6A88F9E E7669F0A
      [SSH Server-rsa-key-code] 5F898844 09961F38 7215B1D6 98380C6E B4A52BEF B421023D
      [SSH Server-rsa-key-code] 3E6F9732 69FB08B8 2713BE30 8F587C07 80B37D5C 5D3D4E61
      [SSH Server-rsa-key-code] 8F30F514 AEC917F8 F6D91F90 948D89CD F5E4ED58 E24AE5E7
      [SSH Server-rsa-key-code] 6CA9CB13 713680AC C24265DA 33D4E7B2 B80A4CD9 FE897BC5
      [SSH Server-rsa-key-code] 457A8D31 23B82692 93F3D7CE EFE74102 0125
      [SSH Server-rsa-key-code] public-key-code end
      [SSH Server-rsa-public-key] peer-public-key end

      # Bind the RSA public key of the STelnet client to the SSH user client002 on the SSH server.

      [SSH Server] ssh user client002 assign rsa-key rsakey001

  3. Enable the STelnet service on the SSH server.

    # Enable the STelnet service.

    [SSH Server] stelnet server enable

  4. Verify the configuration.

    • Log in to the SSH server as the client001 user from PC1 using the password authentication mode.

      # Use the PuTTY software to log in to the device, enter the device IP address, and select the SSH protocol type.
      Figure 3-18  PuTTY Configuration page - password authentication mode

      # Click Open. Enter the user name and password at the prompt, and press Enter. You have logged in to the SSH server.

      login as: client001
      Sent username "client001"
      
      client001@10.137.217.203's password:
      
      <SSH Server>
    • Log in to the SSH server as the client002 user from PC2 using the RSA authentication mode.

      # Use the PuTTY software to log in to the device, enter the device IP address, and select the SSH protocol type.

      Figure 3-19  PuTTY Configuration page - RSA authentication mode (1)

      # Choose Connection > SSH in the navigation tree. The page shown in Figure 3-20 is displayed. Select 2 for Preferred SSH protocol version.

      Figure 3-20  PuTTY Configuration page - RSA authentication mode (2)

      # Choose Connection > SSH > Auth in the navigation tree. The page shown in Figure 3-21 is displayed. Select the private.ppk file corresponding to the public key configured on the server.

      Figure 3-21  PuTTY Configuration page - RSA authentication mode (3)

      # Click Open. Enter the user name at the prompt, and press Enter. You have logged in to the SSH server.
      login as: client002
      Authenticating with public key "rsa-key"
      
      <SSH Server>

Configuration Files

SSH server configuration file

#
 sysname SSH Server
#
 rsa peer-public-key rsakey001
  public-key-code begin
   308186
     028180
       CD1ACDD0 965E7793 19F6A88F 9EE7669F 0A5F8988 4409961F 387215B1 D698380C
       6EB4A52B EFB42102 3D3E6F97 3269FB08 B82713BE 308F587C 0780B37D 5C5D3D4E
       618F30F5 14AEC917 F8F6D91F 90948D89 CDF5E4ED 58E24AE5 E76CA9CB 13713680
       ACC24265 DA33D4E7 B2B80A4C D9FE897B C5457A8D 3123B826 9293F3D7 CEEFE741
     0201
       25
  public-key-code end
 peer-public-key end
#
aaa
 local-user client001 password irreversible-cipher %^%#2q-i;<Y6_+.>\^UIkR&+N([=Zn:825o1I@U!wGN(ePj./p`m{;vlTs=x6>KX%^%#
 local-user client001 privilege level 3
 local-user client001 service-type ssh
 local-user client002 password irreversible-cipher %^%#06\b>|9x2GmNErMG,euJ],|K5)e5MWg7%-;'}[d4/j@$YL'u#@;q:$M"bC$+%^%#
 local-user client002 privilege level 3
 local-user client002 service-type ssh
#
ssh user client002 assign rsa-key rsakey001
ssh user client002 authentication-type rsa
stelnet server enable
#
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 5
 protocol inbound all
#
return
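
The public-key-code block is a hex-encoded ASN.1 SEQUENCE of two INTEGERs (modulus, then public exponent); the two forms of rsakey001 on this page (308187... in the procedure, 308186... in the configuration file) differ only in a leading zero byte of the modulus. The Python sketch below is an added example, not part of the Huawei guide: it decodes both forms so that a pasted key can be checked against the stored one before it is bound to a user. The function names and the 2048-bit minimum are assumptions of this example.

```python
import re

# Key as typed at the [SSH Server-rsa-key-code] prompt (copied from this page).
PROCEDURE_FORM = """
[SSH Server-rsa-key-code] 30818702 818100CD 1ACDD096 5E779319 F6A88F9E E7669F0A
[SSH Server-rsa-key-code] 5F898844 09961F38 7215B1D6 98380C6E B4A52BEF B421023D
[SSH Server-rsa-key-code] 3E6F9732 69FB08B8 2713BE30 8F587C07 80B37D5C 5D3D4E61
[SSH Server-rsa-key-code] 8F30F514 AEC917F8 F6D91F90 948D89CD F5E4ED58 E24AE5E7
[SSH Server-rsa-key-code] 6CA9CB13 713680AC C24265DA 33D4E7B2 B80A4CD9 FE897BC5
[SSH Server-rsa-key-code] 457A8D31 23B82692 93F3D7CE EFE74102 0125
"""

# The same key as stored in the SSH server configuration file (copied from this page).
CONFIG_FORM = """
   308186
     028180
       CD1ACDD0 965E7793 19F6A88F 9EE7669F 0A5F8988 4409961F 387215B1 D698380C
       6EB4A52B EFB42102 3D3E6F97 3269FB08 B82713BE 308F587C 0780B37D 5C5D3D4E
       618F30F5 14AEC917 F8F6D91F 90948D89 CDF5E4ED 58E24AE5 E76CA9CB 13713680
       ACC24265 DA33D4E7 B2B80A4C D9FE897B C5457A8D 3123B826 9293F3D7 CEEFE741
     0201
       25
"""


def read_tlv(buf, pos):
    """Read one ASN.1 tag-length-value; return (tag, value, next_position)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = length octets
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("value runs past end of data")
    return tag, buf[pos:pos + length], pos + length


def parse_public_key_code(text):
    """Return (modulus, exponent) from CLI or configuration-file key text."""
    text = re.sub(r"\[[^\]]*\]", " ", text)         # drop CLI prompts
    raw = bytes.fromhex("".join(text.split()))      # ValueError on non-hex input
    tag, body, end = read_tlv(raw, 0)
    if tag != 0x30 or end != len(raw):
        raise ValueError("not a single ASN.1 SEQUENCE")
    tag_n, n_bytes, pos = read_tlv(body, 0)
    tag_e, e_bytes, pos = read_tlv(body, pos)
    if tag_n != 0x02 or tag_e != 0x02 or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    # Unsigned decoding accepts the modulus with or without its leading 00 byte.
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def same_key(text_a, text_b):
    """True when both texts encode the same modulus and exponent."""
    return parse_public_key_code(text_a) == parse_public_key_code(text_b)


def review_key(text, min_bits=2048):
    """Report key size and exponent; min_bits is this example's assumed policy."""
    n, e = parse_public_key_code(text)
    findings = []
    if n.bit_length() < min_bits:
        findings.append(f"modulus is {n.bit_length()} bits, below {min_bits}")
    if e < 3 or e % 2 == 0:
        findings.append("public exponent is not an odd integer >= 3")
    return {"bits": n.bit_length(), "exponent": e, "findings": findings}


if __name__ == "__main__":
    print("same key:", same_key(PROCEDURE_FORM, CONFIG_FORM))
    print(review_key(CONFIG_FORM))
```
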

Example for Configuring the Device as the Telnet Client to Log In to Another Device

Networking Requirements

The user needs to manage and maintain AP2 remotely, as shown in Figure 3-22. However, the PC cannot directly log in to AP2 through Telnet. The user needs to log in to AP1 through Telnet, and then log in to AP2 from AP1 through Telnet. To prevent unauthorized devices from logging in to AP2 through Telnet, an ACL needs to be configured to allow only the Telnet connection from AP1 to AP2.

Figure 3-22  Networking diagram of configuring the device as the Telnet client to log in to another device

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure the Telnet authentication mode and password on AP2.
  2. Configure an ACL on AP2 to allow access from AP1.
  3. Log in to AP2 from AP1 through Telnet.

Procedure

  1. Configure the Telnet authentication mode and password on AP2.

    <Huawei> system-view
    [Huawei] sysname AP2
    [AP2] user-interface vty 0 4
    [AP2-ui-vty0-4] user privilege level 15
    [AP2-ui-vty0-4] authentication-mode password
    [AP2-ui-vty0-4] set authentication password cipher
    Info: A plain text password is a string of 8 to 128 case-sensitive characters and must be a combination of at least two of the follow
    ing: uppercase letters A to Z, lowercase letters a to z, digits, and special characters (including spaces and the following :`~!@#$%
    ^&*()-_=+|[{}];:'",<.>/?). A cipher text password contains 56 or 68 characters.
    Current Password: 
    New Password:
    Confirm New Password:
    [AP2-ui-vty0-4] quit

  2. Configure an ACL on AP2 to allow access from AP1.

    [AP2] acl 2000
    [AP2-acl-basic-2000] rule permit source 1.1.1.1 0
    [AP2-acl-basic-2000] quit
    [AP2] user-interface vty 0 4
    [AP2-ui-vty0-4] acl 2000 inbound
    [AP2-ui-vty0-4] quit
    NOTE:

    Configuring an ACL for Telnet services is optional.

  3. Verify the configuration.

    # After the preceding configuration, you can log in to AP2 from AP1 through Telnet. You cannot log in to AP2 from other devices.

    <Huawei> system-view
    [Huawei] sysname AP1
    [AP1] quit
    <AP1> telnet 2.1.1.1
      Press CTRL_] to quit telnet mode
      Trying 2.1.1.1 ...
      Connected to 2.1.1.1 ...
    
    Login authentication
    
    
    Password: 
    <AP2>

Configuration Files

AP2 configuration file

#
 sysname AP2
#
acl number 2000
 rule 5 permit source 1.1.1.1 0
#
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode password
 user privilege level 15
 set authentication password cipher %^%#l^\e>'=8Z-0'Lj9+Ey,(FQ$=>ks/bOcBHC2uZ2n=zO)p0r[*"+=4QW6J7ZLL%^%#
#
return

Example for Configuring the Device as the STelnet Client to Log In to Another Device

Networking Requirements

The enterprise requires that secure data exchange should be performed between the server and client. As shown in Figure 3-23, two login users client001 and client002 are configured and they use the password and RSA authentication modes respectively to log in to the SSH server. A new port number is configured and the default port number is not used.

Figure 3-23  Networking diagram of logging in to another device through STelnet

Configuration Roadmap

The configuration roadmap is as follows:

  1. Generate a local key pair on the SSH server to implement secure data exchange between the server and client.

  2. Configure different authentication modes for the SSH users client001 and client002 on the SSH server.

  3. Enable the STelnet service on the SSH server.

  4. Configure the STelnet server type for the SSH users client001 and client002 on the SSH server.

  5. Set a new listening port number on the SSH server to prevent attackers from accessing the standard SSH service port and to ensure security.

  6. Log in to the SSH server as the client001 and client002 users through STelnet.

Procedure

  1. Generate a local key pair on the server.

    <Huawei> system-view
    [Huawei] sysname SSH Server
    [SSH Server] rsa local-key-pair create
    The key name will be: Host
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
           It will take a few minutes.
    Input the bits in the modulus[default = 2048]:2048
    Generating keys...
    ........++++++++
    ..++++++++
    ............+++++++++
    ......+++++++++
    
    

  2. Create an SSH user on the server.

    NOTE:

    There are four authentication modes for an SSH user: password, RSA, password-RSA, and all.

    • If the authentication mode is password or password-RSA, configure a local user on the server with the same user name.

    • If the authentication mode is RSA, password-RSA, or all, save the RSA public key generated on the SSH client to the server.

    # Configure the VTY user interface.

    [SSH Server] user-interface vty 0 4
    [SSH Server-ui-vty0-4] authentication-mode aaa
    [SSH Server-ui-vty0-4] protocol inbound all
    [SSH Server-ui-vty0-4] user privilege level 5
    [SSH Server-ui-vty0-4] quit
    • Create an SSH user named client001.

      # Create an SSH user named client001 and configure the password authentication mode for the user. Set the password of the client001 user to huawei@123.

      [SSH Server] aaa
      [SSH Server-aaa] local-user client001 password irreversible-cipher huawei@123
      [SSH Server-aaa] local-user client001 privilege level 3
      [SSH Server-aaa] local-user client001 service-type ssh
      [SSH Server-aaa] quit
      [SSH Server] ssh user client001 authentication-type password
    • Create an SSH user named client002.

      # Create an SSH user named client002 and configure the RSA authentication mode for the user.

      [SSH Server] aaa
      [SSH Server-aaa] local-user client002 password irreversible-cipher Hello@123
      [SSH Server-aaa] local-user client002 privilege level 3
      [SSH Server-aaa] local-user client002 service-type ssh
      [SSH Server-aaa] quit
      [SSH Server] ssh user client002 authentication-type rsa

      # Generate a local key pair for Client002.

      <Huawei> system-view
      [Huawei] sysname client002
      [client002] rsa local-key-pair create
      The key name will be: Host
      The range of public key size is (512 ~ 2048).
      NOTES: If the key modulus is greater than 512,
             It will take a few minutes.
      Input the bits in the modulus[default = 2048]:2048
      Generating keys...
      ........++++++++
      ..++++++++
      ............+++++++++
      ......+++++++++
      
      
      # Check the public key in the RSA key pair generated on the client.
      [client002] display rsa local-key-pair public
      =====================================================
      Time of Key pair created: 2012-08-06 17:17:37+00:00
      Key name: Host
      Key type: RSA encryption Key
      =====================================================
      Key code:
      308188
        028180
          B21315DD 859AD7E4 A6D0D9B8 121F23F0 006BB1BB
          A443130F 7CDB95D8 4A4AE2F3 D94A73D7 36FDFD5F
          411B8B73 3CDD494A 236F35AB 9BBFE19A 7336150B
          40A35DE6 2C6A82D7 5C5F2C36 67FBC275 2DF7E4C5
          1987178B 8C364D57 DD0AA24A A0C2F87F 474C7931
          A9F7E8FE E0D5A1B5 092F7112 660BD153 7FB7D5B2
          171896FB 1FFC38CD
        0203
          010001
      
      =====================================================
      Time of Key pair created: 2012-08-06 17:17:44+00:00
      Key name: Server
      Key type: RSA encryption Key
      =====================================================
      Key code:
      3067
        0260
          DF8AFF3C 28213B94 2292852E E98657EE 11DE5AF4
          8A176878 CDD4BD31 55E05735 3080F367 A83A9034
          47D534CA 81250C1D 35401DC3 464E9E5F A50202CF
          A7AD09CD AC3F531C A763F0A0 4C8E51B9 18755400
          76AF4A78 225C92C3 01FE0DFF 06908363
        0203
          010001 
      # Configure the RSA public key on the SSH server. (The key code listed under Key name: Host in the display command output is the RSA public key. Copy it to the server.)
      [SSH Server] rsa peer-public-key rsakey001
      [SSH Server-rsa-public-key] public-key-code begin
      [SSH Server-rsa-key-code] 308188
      [SSH Server-rsa-key-code] 028180
      [SSH Server-rsa-key-code] B21315DD 859AD7E4 A6D0D9B8 121F23F0 006BB1BB
      [SSH Server-rsa-key-code] A443130F 7CDB95D8 4A4AE2F3 D94A73D7 36FDFD5F
      [SSH Server-rsa-key-code] 411B8B73 3CDD494A 236F35AB 9BBFE19A 7336150B
      [SSH Server-rsa-key-code] 40A35DE6 2C6A82D7 5C5F2C36 67FBC275 2DF7E4C5
      [SSH Server-rsa-key-code] 1987178B 8C364D57 DD0AA24A A0C2F87F 474C7931
      [SSH Server-rsa-key-code] A9F7E8FE E0D5A1B5 092F7112 660BD153 7FB7D5B2
      [SSH Server-rsa-key-code] 171896FB 1FFC38CD
      [SSH Server-rsa-key-code] 0203
      [SSH Server-rsa-key-code] 010001
      [SSH Server-rsa-key-code] public-key-code end
      [SSH Server-rsa-public-key] peer-public-key end

      # Bind the RSA public key of the STelnet client to the SSH user client002 on the SSH server.

      [SSH Server] ssh user client002 assign rsa-key rsakey001

  3. Enable the STelnet service on the SSH server.

    # Enable the STelnet service.

    [SSH Server] stelnet server enable

  4. Configure a new listening port number on the SSH server.

    [SSH Server] ssh server port 1025

  5. Connect the STelnet client to the SSH server.

    # Enable the first authentication function on the SSH client upon the first login.

    Enable the first authentication function for Client001.

    <Huawei> system-view
    [Huawei] sysname client001
    [client001] ssh client first-time enable

    Enable the first authentication function for Client002.

    [client002] ssh client first-time enable

    # Log in to the SSH server from Client001 in password authentication mode by entering the user name and password.

    [client001] stelnet 10.1.1.1 1025
    Please input the username:client001
    Trying 10.1.1.1 ...
    Press CTRL+K to abort
    Connected to 10.1.1.1 ...
    The server is not authenticated. Continue to access it?[Y/N]:y
    Save the server's public key?[Y/N]:y
    The server's public key will be saved with the name 10.1.1.1. Please wait...
    
    Enter password:   

    Enter the password. The following information indicates that you have logged in successfully:

    <SSH Server>

    # Log in to the SSH server from Client002 in RSA authentication mode.

    [client002] stelnet 10.1.1.1 1025 user-identity-key rsa
    Please input the username: client002
    Trying 10.1.1.1 ...
    Press CTRL+K to abort
    Connected to 10.1.1.1 ...
    The server is not authenticated. Continue to access it?(Y/N):y
    Save the server's public key?(Y/N):y
    The server's public key will be saved with the name 10.1.1.1. Please wait...
    
    <SSH Server>

    If the user view is displayed, you have logged in successfully. If the message "Session is disconnected" is displayed, the login fails.

  6. Verify the configuration.

    Login attempts to the SSH server on the default listening port number 22 fail.

    [client002] stelnet 10.1.1.1
    Please input the username:client002
    Trying 10.1.1.1 ...
    Press CTRL+K to abort
    Error: Failed to connect to the remote host.

    Run the display ssh server status command. You can see that the STelnet service has been enabled. Run the display ssh user-information command. Information about the configured SSH users is displayed.

    # Check the status of the SSH server.

    [SSH Server] display ssh server status
     SSH version                         :1.99
     SSH connection timeout              :60 seconds
     SSH server key generating interval  :0 hours
     SSH Authentication retries          :3 times
     SFTP Server                         :Disable
     Stelnet server                      :Enable
     SSH server port                     :1025

    # Check information about SSH users.

    [SSH Server] display ssh user-information
    -------------------------------------------------------------------------------
     Username         Auth-type          User-public-key-name
     -------------------------------------------------------------------------------
     client001        password           null
     client002        rsa                rsakey001
     -------------------------------------------------------------------------------

Configuration Files
  • SSH server configuration file

    #
     sysname SSH Server
    #
    rsa peer-public-key rsakey001
     public-key-code begin
      308188
        028180
          B21315DD 859AD7E4 A6D0D9B8 121F23F0 006BB1BB A443130F 7CDB95D8 4A4AE2F3
          D94A73D7 36FDFD5F 411B8B73 3CDD494A 236F35AB 9BBFE19A 7336150B 40A35DE6
          2C6A82D7 5C5F2C36 67FBC275 2DF7E4C5 1987178B 8C364D57 DD0AA24A A0C2F87F
          474C7931 A9F7E8FE E0D5A1B5 092F7112 660BD153 7FB7D5B2 171896FB 1FFC38CD
        0203
          010001
     public-key-code end
    peer-public-key end
    #
    aaa
     local-user client001 password irreversible-cipher %^%#}4BB(Lcn(<VPH+J-3TqAOmr<GK}K)+m(K>+p3XWPMhMW"Re)"R3E+F-rE6*0%^%#
     local-user client001 privilege level 3
     local-user client001 service-type ssh
     local-user client002 password irreversible-cipher %^%#%B*Q"+bV%8NbV(B%Oc1*^<%SUfdbMFd#O/1Jn@;&m^[_@.&ov*)Pt\5<Znz@%^%#
     local-user client002 privilege level 3
     local-user client002 service-type ssh
    #
    ssh user client002 assign rsa-key rsakey001
    ssh user client002 authentication-type rsa
    stelnet server enable
    ssh server port 1025
    #
    user-interface vty 0 4
     authentication-mode aaa
     user privilege level 5
     protocol inbound all
    #
    return
  • Client001 configuration file

    #
     sysname client001
    #
    ssh client first-time enable
    #
    return
  • Client002 configuration file

    #
     sysname client002
    #
    ssh client first-time enable
    #
    return
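
The VTY settings in the configuration files above can be checked against the points this guide itself raises: Telnet cannot provide a secure authentication method, AAA is preferred over a bare password, and an ACL limits which sources may log in. The following Python audit is an added example, not part of the Huawei guide; the two page excerpts omit the password lines, the hardened variant is constructed for illustration, and the function and check names are hypothetical.

```python
import re

# Excerpt of the SSH server configuration file shown on this page.
SSH_SERVER_CFG = """\
#
stelnet server enable
#
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 5
 protocol inbound all
#
return
"""

# Excerpt of the AP2 configuration file shown on this page.
AP2_CFG = """\
#
acl number 2000
 rule 5 permit source 1.1.1.1 0
#
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode password
 user privilege level 15
#
return
"""

# Constructed variant (not from the page): SSH only, AAA, source ACL applied.
HARDENED_CFG = """\
#
acl number 2001
 rule 5 permit source 10.1.1.1 0
#
user-interface vty 0 4
 acl 2001 inbound
 authentication-mode aaa
 protocol inbound ssh
#
return
"""


def vty_sections(cfg):
    """Map each 'user-interface vty ...' header to its indented sub-commands."""
    sections, current = {}, None
    for line in cfg.splitlines():
        if line.startswith("user-interface vty "):
            current = sections.setdefault(line.strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '#', 'return' or another top-level command
    return sections


# Each check receives the sub-commands of one VTY section.
CHECKS = [
    # 'all' admits Telnet next to SSH, so credentials may cross the network in clear text.
    ("telnet-allowed", lambda cmds: any(
        c in ("protocol inbound all", "protocol inbound telnet") for c in cmds)),
    # One shared password for the whole VTY range, with no per-user account.
    ("shared-password", lambda cmds: "authentication-mode password" in cmds),
    # No ACL applied inbound, so any source address may attempt a login.
    ("no-source-acl", lambda cmds: not any(
        re.fullmatch(r"acl \S+ inbound", c) for c in cmds)),
]


def audit_vty(cfg):
    """Return (section, finding) pairs for every check that fires."""
    return [(name, code)
            for name, cmds in vty_sections(cfg).items()
            for code, hit in CHECKS if hit(cmds)]


if __name__ == "__main__":
    for label, cfg in (("SSH server", SSH_SERVER_CFG), ("AP2", AP2_CFG),
                       ("hardened", HARDENED_CFG)):
        print(label, audit_vty(cfg))
```
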
Updated: 2019-01-11

Document ID: EDOC1000176006
