Configuration Examples for User Login
- Example for Logging In to the Device Through a Console Port
- Example for Logging In to the Device Through Telnet
- Example for Logging In to the Device Through STelnet
- Example for Configuring the Device as the Telnet Client to Log In to Another Device
- Example for Configuring the Device as the STelnet Client to Log In to Another Device
Example for Logging In to the Device Through a Console Port
Networking Requirements
When you cannot remotely log in to the device, you can perform local login through a console port. If you log in to the device through a console port, only password authentication is required. To improve security, use AAA on the console user interface.
Configuration Roadmap
The configuration roadmap is as follows:
- Use the terminal simulation software to log in to the device through a console port.
- Configure the authentication mode of the console user interface.
Procedure
- Use the terminal simulation software to log in to the device through a console port.
- Connect the DB9 female connector of the console cable to the 9-pin serial port on the PC, and connect the RJ45 connector to the console port on the device, as shown in Figure 4-8.
- Start the terminal simulation software on the PC. Establish a connection, and set the connected port and communication parameters.
A PC may have multiple connection ports; therefore, the port connected through the console cable is selected in this example. Generally, COM1 is selected.
If the serial port communication parameters of the device are modified, modify the communication parameters on the PC accordingly (ensure that the parameter values are the same) and re-establish the connection.
- Configure the authentication mode of the console user interface.
<HUAWEI> system-view[HUAWEI] user-interface console 0[HUAWEI-ui-console0] authentication-mode aaa[HUAWEI-ui-console0] user privilege level 15[HUAWEI-ui-console0] quit[HUAWEI] aaa[HUAWEI-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789[HUAWEI-aaa] local-user admin1234 privilege level 3
[HUAWEI-aaa] local-user admin1234 service-type terminalAfter the preceding operations, you can re-log in to the device on the console user interface only by entering the user name admin1234 and password Helloworld@6789.
Example for Logging In to the Device Through Telnet
Networking Requirements
As shown in Figure 4-9, the PC and the server (Huawei device) are reachable to each other. To implement easy remote configuration and management of the device, configure AAA authentication for Telnet users on the server and configure a security policy that allows only the administrator to log in to the device.
Configuration Roadmap
The configuration roadmap is as follows:
Configure the Telnet login mode to implement remote network device maintenance. In V200R010C00 and later versions, the management interface isolation function is enabled on the device by default. Users can log in to the device only through the management interface. For security purposes, you are advised to enable the management interface isolation function. If users still need to access the device through service interfaces, run the mgmt isolate disable command to disable management interface isolation on the device in advance.
Configure the administrator's user name and password and the AAA authentication mode to ensure that only the administrator can log in to the device.
Configure a security policy to ensure that the administrator's PC can be used to log in to the device.
Procedure
- Set the server listening port number and enable the server function.
<HUAWEI> system-view[HUAWEI] sysname Telnet Server[Telnet Server] telnet server enable
[Telnet Server] telnet server port 1025
- Set the VTY user interface parameters.
# Set the maximum number of VTY user interfaces.
[Telnet Server] user-interface maximum-vty 8
# Set the IP address of the device to which the user is allowed to log in.
[Telnet Server] acl 2001
[Telnet Server-acl-basic-2001] rule permit source 10.1.1.1 0
[Telnet Server-acl-basic-2001] quit
[Telnet Server] user-interface vty 0 7
[Telnet Server-ui-vty0-7] protocol inbound all
[Telnet Server-ui-vty0-7] acl 2001 inbound
# Configure the terminal attributes of the VTY user interface.
[Telnet Server-ui-vty0-7] shell
[Telnet Server-ui-vty0-7] idle-timeout 20
[Telnet Server-ui-vty0-7] screen-length 30
[Telnet Server-ui-vty0-7] history-command max-size 20
# Configure the user authentication mode of the VTY user interface.
[Telnet Server-ui-vty0-7] authentication-mode aaa
[Telnet Server-ui-vty0-7] quit
- Configure the login user information.
# Configure the login authentication mode.
[Telnet Server] aaa
[Telnet Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789
[Telnet Server-aaa] local-user admin1234 service-type telnet
[Telnet Server-aaa] local-user admin1234 privilege level 3[Telnet Server-aaa] quit
- Configure the client login.
Enter commands at the command line prompt to log in to the device through Telnet.
C:\Documents and Settings\Administrator> telnet 10.137.217.177 1025
Press Enter, and enter the user name and password in the login window. If the authentication is successful, the command line prompt of the user view is displayed. The user view configuration environment is displayed.
Login authentication Username:admin1234 Password: <Telnet Server>
Configuration Files
Telnet server configuration file
# sysname Telnet Server # telnet server port 1025 # acl number 2001 rule 5 permit source 10.1.1.1 0 # aaa local-user admin1234 password irreversible-cipher %^%#2nG6Zv%ZK2-LG"#cjRR(2Xx.":<\,'|V/AZlS"Q<]UV!JWM:=Hl`gJTX:cm%%^%# local-user admin1234 privilege level 3 local-user admin1234 service-type telnet # user-interface maximum-vty 8 user-interface vty 0 7 acl 2001 inbound authentication-mode aaa history-command max-size 20 idle-timeout 20 0 screen-length 30 protocol inbound all # return
Example for Logging In to the Device Through STelnet
Networking Requirements
As shown in Figure 4-10, users expect secure remote login, but Telnet cannot provide a secure authentication method. In this scenario, STelnet can be configured to ensure security of remote login. PC1 and PC2 have reachable routes to the SSH server, and 10.137.217.203 is the IP address of the management interface on the SSH server. Two users client001 and client002 need to be configured on the SSH server. PC1 uses the account of client001 to log in to the SSH server through password authentication; PC2 uses the account of client002 to log in to the SSH server through RSA authentication.
Configuration Roadmap
The configuration roadmap is as follows:
Install the SSH server software on PC1. Install the key pair generation software, public key conversion software, and SSH server login software on PC2.
Generate a local key pair on the SSH server to implement secure data exchange between the server and client.
Configure different authentication modes for the SSH users client001 and client002 on the SSH server.
Enable the STelnet service on the SSH server.
Configure the STelnet service type for the SSH users client001 and client002 on the SSH server.
Log in to the SSH server as the users client001 and client002 through STelnet. In V200R010C00 and later versions, the management interface isolation function is enabled on the device by default. Users can log in to the device only through the management interface. For security purposes, you are advised to enable the management interface isolation function. If users still need to access the device through service interfaces, run the mgmt isolate disable command to disable management interface isolation on the device in advance.
Procedure
- Generate a local key pair on the server.
<HUAWEI> system-view[HUAWEI] sysname SSH Server[SSH Server] rsa local-key-pair create
The key name will be: Host The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Input the bits in the modulus[default = 2048]:2048 Generating keys... ........++++++++ ..++++++++ ............+++++++++ ......+++++++++ - Create SSH users on the server.
The following authentication modes are available for an SSH user: password, RSA, password-RSA, ECC, password-ECC, and all.
If the authentication mode is password, password-RSA, or password-ECC, configure a local user on the server with the same user name.
If the authentication mode is RSA, password-RSA, ECC, password-ECC, or all, save the RSA public key generated on the SSH client to the server.
# Configure the VTY user interface.
[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound all
[SSH Server-ui-vty0-4] user privilege level 5
[SSH Server-ui-vty0-4] quit
Create an SSH user named client001.
# Create an SSH user named client001 and configure the password authentication mode for the user. Set the password of the user client001 to huawei@123.
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password irreversible-cipher huawei@123
[SSH Server-aaa] local-user client001 privilege level 3
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] quit
[SSH Server] ssh user client001 authentication-type password
Create an SSH user named client002.
# Create an SSH user named client002 and configure the RSA authentication mode for the user.
[SSH Server] aaa
[SSH Server-aaa] local-user client002 password irreversible-cipher Huawei@2012
[SSH Server-aaa] local-user client002 privilege level 3
[SSH Server-aaa] local-user client002 service-type ssh
[SSH Server-aaa] quit
[SSH Server] ssh user client002 authentication-type rsa
# Generate a local key pair of the client on PC2.
The third-party software PuTTY and PuTTYgen are used as an example here.
Run puttygen.exe on the client. It is used to generate the public and private key files.
Select SSH2 RSA and click Generate. By moving the cursor in the blank area, you can find that the key is being generated.
Figure 4-11 PuTTY Key Generate page (1)After the key is generated, click Save public key to save the key in the key.pub file.
Figure 4-12 PuTTY Key Generate page (2)Click Save private key. The PuTTYgen Warning dialog box is displayed. Click Yes. The private key is saved in the private.ppk file.
Figure 4-13 PuTTY Key Generate page (3)Run sshkey.exe on the client. Convert the generated public key to the character string required for the device.
Open the key.pub file required by SSH that is generated in the previous step.
Figure 4-14 ssh key converter page (1)Click Convert(C). You can see the public keys before and after conversion.
Figure 4-15 ssh key converter page (2)
# Enter the RSA public key generated on PC2 to the SSH server.[SSH Server] rsa peer-public-key rsakey001
[SSH Server-rsa-public-key] public-key-code begin
[SSH Server-rsa-key-code] 30818702 818100CD 1ACDD096 5E779319 F6A88F9E E7669F0A
[SSH Server-rsa-key-code] 5F898844 09961F38 7215B1D6 98380C6E B4A52BEF B421023D
[SSH Server-rsa-key-code] 3E6F9732 69FB08B8 2713BE30 8F587C07 80B37D5C 5D3D4E61
[SSH Server-rsa-key-code] 8F30F514 AEC917F8 F6D91F90 948D89CD F5E4ED58 E24AE5E7
[SSH Server-rsa-key-code] 6CA9CB13 713680AC C24265DA 33D4E7B2 B80A4CD9 FE897BC5
[SSH Server-rsa-key-code] 457A8D31 23B82692 93F3D7CE EFE74102 0125
[SSH Server-rsa-key-code] public-key-code end
[SSH Server-rsa-public-key] peer-public-key end
# Bind the RSA public key of the STelnet client to the SSH user client002 on the SSH server.
[SSH Server] ssh user client002 assign rsa-key rsakey001
- Enable the STelnet service on the SSH server.
# Enable the STelnet service.
[SSH Server] stelnet server enable
- Verify the configuration.
Log in to the SSH server as the user client001 from PC1 using the password authentication mode.
# Use the PuTTY software to log in to the device, enter the device IP address, and select the SSH protocol type.Figure 4-16 PuTTY Configuration page - password authentication mode# Click Open. Enter the user name and password at the prompt, and press Enter. You have logged in to the SSH server.
login as: client001 Sent username "client001" client001@10.137.217.203's password: <SSH Server>
Log in to the SSH server as the user client002 from PC2 using the RSA authentication mode.
# Use the PuTTY software to log in to the device, enter the device IP address, and select the SSH protocol type.
Figure 4-17 PuTTY Configuration page - RSA authentication mode (1)# Choose Connection > SSH in the navigation tree. The page shown in Figure 4-18 is displayed. Select 2 for Preferred SSH protocol version.
# Choose Connection > SSH > Auth in the navigation tree. The page shown in Figure 4-19 is displayed. Select the private.ppk file corresponding to the public key configured on the server.
# Click Open. Enter the user name at the prompt, and press Enter. You have logged in to the SSH server.login as: client002 Authenticating with public key "rsa-key" <SSH Server>
Configuration Files
SSH server configuration file
#
sysname SSH Server
#
rsa peer-public-key rsakey001
public-key-code begin
308186
028180
CD1ACDD0 965E7793 19F6A88F 9EE7669F 0A5F8988 4409961F 387215B1 D698380C
6EB4A52B EFB42102 3D3E6F97 3269FB08 B82713BE 308F587C 0780B37D 5C5D3D4E
618F30F5 14AEC917 F8F6D91F 90948D89 CDF5E4ED 58E24AE5 E76CA9CB 13713680
ACC24265 DA33D4E7 B2B80A4C D9FE897B C5457A8D 3123B826 9293F3D7 CEEFE741
0201
25
public-key-code end
peer-public-key end
#
aaa
local-user client001 password irreversible-cipher %^%#2q-i;<Y6_+.>\^UIkR&+N([=Zn:825o1I@U!wGN(ePj./p`m{;vlTs=x6>KX%^%#
local-user client001 privilege level 3
local-user client001 service-type ssh
local-user client002 password irreversible-cipher %^%#06\b>|9x2GmNErMG,euJ],|K5)e5MWg7%-;'}[d4/j@$YL'u#@;q:$M"bC$+%^%#
local-user client002 privilege level 3
local-user client002 service-type ssh
#
ssh user client002 assign rsa-key rsakey001
ssh user client002 authentication-type rsa
stelnet server enable
#
user-interface vty 0 4
authentication-mode aaa
user privilege level 5
protocol inbound all
#
return
Example for Configuring the Device as the Telnet Client to Log In to Another Device
Networking Requirements
As shown in Figure 4-20, the PC and AC1 have reachable routes to each other; AC1 and AC2 have reachable routes to each other. The user needs to manage and maintain AC2 remotely. However, the PC cannot directly log in to AC2 through Telnet because it has no reachable route to AC2. The user can log in to AC1 through Telnet, and then log in to AC2 from AC1. To prevent unauthorized devices from logging in to AC2 through Telnet, an ACL needs to be configured to allow only the Telnet connection from AC1 to AC2.
Configuration Roadmap
The configuration roadmap is as follows:
- Configure the Telnet authentication mode and password on AC2.
- Configure the AC2 to allow AC1 access with ACL.
- Log in to AC2 from AC1 through Telnet.
Procedure
- Configure the Telnet authentication mode and password on AC2.
<HUAWEI> system-view[HUAWEI] sysname AC2
[AC2] user-interface vty 0 4[AC2-ui-vty0-4] user privilege level 15[AC2-ui-vty0-4] authentication-mode password[AC2-ui-vty0-4] set authentication password cipher Info: A plain text password is a string of 8 to 128 case-sensitive characters and must be a combination of at least two of the follo wing: uppercase letters A to Z, lowercase letters a to z, digits, and special characters (including spaces and the following :`~!@#$ %^&*()-_=+\|[{}];:'",<.>/?). A cipher text password contains 68 characters. New Password: Confirm New Password:[AC2-ui-vty0-4] quit - Configure the AC2 to allow AC1 access with ACL.
[AC2] acl 2000[AC2-acl-basic-2000] rule permit source 10.1.1.1 0[AC2-acl-basic-2000] quit[AC2] user-interface vty 0 4[AC2-ui-vty0-4] acl 2000 inbound[AC2-ui-vty0-4] quitIt is optional to configure an ACL for Telnet services.
- Verify the configuration.
# After the preceding configuration, you can log in to AC2 from AC1 through Telnet. You cannot log in to AC2 from other devices.
<HUAWEI> system-view[HUAWEI] sysname AC1
[AC1] quit<AC1> telnet 10.2.1.1Press CTRL_] to quit telnet mode Trying 10.2.1.1 ... Connected to 10.2.1.1 ... Login authentication Password:
<AC2>
Configuration Files
AC2 configuration file
#
sysname AC2
#
acl number 2000
rule 5 permit source 10.1.1.1 0
#
user-interface vty 0 4
acl 2000 inbound
authentication-mode password
user privilege level 15
set authentication password cipher %^%#l^\e>'=8Z-0'Lj9+Ey,(FQ$=>ks/bOcBHC2uZ2n=zO)p0r[*"+=4QW6J7ZLL%^%#
#
return
Example for Configuring the Device as the STelnet Client to Log In to Another Device
Networking Requirements
The enterprise requires that secure data exchange be performed between the server and client. As shown in Figure 4-21, two login users client001 and client002 are configured and they use the password and ECC authentication modes respectively to log in to the SSH server. A new port number is configured and the default port number is not used.
Configuration Roadmap
The configuration roadmap is as follows:
Generate a local key pair on the SSH server to implement secure data exchange between the server and client.
Configure different authentication modes for the SSH users client001 and client002 on the SSH server.
Enable the STelnet service on the SSH server.
Configure the STelnet server type for the SSH users client001 and client002 on the SSH server.
Set the SSH server listening port number on the SSH server to prevent attackers from accessing the SSH service standard port and ensure security.
Log in to the SSH server as the users client001 and client002 through STelnet.
Procedure
- Generate a local key pair on the server.
<HUAWEI> system-view[HUAWEI] sysname SSH Server[SSH Server] ecc local-key-pair create
Info: The key name will be: SSH Server_Host_ECC. Info: The ECC host key named AC_Host_ECC already exists. Warning: Replace it? [Y/N]: y Info: The key modulus can be any one of the following: 256, 384, 521. Info: If the key modulus is greater than 512, it may take a few minutes. Please input the modulus [default=256]:256 Info: Generating keys... Info: Succeeded in creating the ECC host keys.
- Create an SSH user on the server.
The following authentication modes are available for an SSH user: password, RSA, password-RSA, ECC, password-ECC, and all.
If the authentication mode is password, password-RSA, or password-ECC, configure a local user on the server with the same user name.
If the authentication mode is RSA, password-RSA, ECC, password-ECC, or all, save the RSA public key generated on the SSH client to the server.
# Configure the VTY user interface.
[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound all
[SSH Server-ui-vty0-4] user privilege level 5
[SSH Server-ui-vty0-4] quit
Create an SSH user named client001.
# Create an SSH user named client001 and configure the password authentication mode for the user. Set the password of the user client001 to huawei@123.
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password irreversible-cipher huawei@123
[SSH Server-aaa] local-user client001 privilege level 3
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] quit
[SSH Server] ssh user client001 authentication-type password
Create an SSH user named client002.
# Create an SSH user named client002 and configure the ECC authentication mode for the user.
[SSH Server] aaa
[SSH Server-aaa] local-user client002 password irreversible-cipher Hello@123
[SSH Server-aaa] local-user client002 privilege level 3
[SSH Server-aaa] local-user client002 service-type ssh
[SSH Server-aaa] quit
[SSH Server] ssh user client002 authentication-type ecc
# Generate a local key pair for Client002.
<HUAWEI> system-view[HUAWEI] sysname client002[client002] ecc local-key-pair create
Info: The key name will be: SSH Server_Host_ECC. Info: The ECC host key named AC_Host_ECC already exists. Warning: Replace it? [Y/N]: y Info: The key modulus can be any one of the following: 256, 384, 521. Info: If the key modulus is greater than 512, it may take a few minutes. Please input the modulus [default=256]:256 Info: Generating keys... Info: Succeeded in creating the ECC host keys.
# Check the public key in the ECC key pair generated on the client.[client002] display ecc local-key-pair public ===================================================== Time of Key pair created:2020-12-28 19:31:50+00:00 Key name : SSH Server_Host_ECC Key modulus : 256 Key type : ECC encryption Key Key fingerprint: ===================================================== Key code: 04FA6E19 8612822D 99D7D6BD A1DE7D4D BF659FB9 D2CF94D0 0CD2D032 D7DC7FEE DED3478F 0717BBA6 ED24F43A DDA5CA9C 9E05D7CD 57BC97E7 E24CD73B FBA7B251 3A Host public key for PEM format code: ---- BEGIN SSH2 PUBLIC KEY ---- AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPpuGYYSgi2Z 19a9od59Tb9ln7nSz5TQDNLQMtfcf+7e00ePBxe7pu0k9DrdpcqcngXXzVe8l+fi TNc7+6eyUTo= ---- END SSH2 PUBLIC KEY ---- Public key code for pasting into OpenSSH authorized_keys file : ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPpuGYYSgi2Z19a9od59Tb9ln7nSz5TQDNLQMtfcf+7e00ePBxe7pu0k9DrdpcqcngXXzVe8l+fiTNc7+6eyUTo= ecdsa-key# Copy the ECC public key (the information in bold in the display command output) generated on the client to the server.[SSH Server] ecc peer-public-key ecckey001 encoding-type pem
[SSH Server-ecc-public-key] public-key-code begin
[SSH Server-ecc-key-code] ---- BEGIN SSH2 PUBLIC KEY ----
[SSH Server-ecc-key-code] AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPpuGYYSg
[SSH Server-ecc-key-code] 19a9od59Tb9ln7nSz5TQDNLQMtfcf+7e00ePBxe7pu0k9DrdpcqcngXXzVe8l+fi
[SSH Server-ecc-key-code] TNc7+6eyUTo=
[SSH Server-ecc-key-code] ---- END SSH2 PUBLIC KEY ----
[SSH Server-ecc-key-code] public-key-code end
[SSH Server-ecc-public-key] peer-public-key end
# Bind the RSA public key of the STelnet client to the SSH user client002 on the SSH server.
[SSH Server] ssh user client002 assign ecc-key ecckey001
- Enable the STelnet service on the SSH server.
# Enable the STelnet service.
[SSH Server] stelnet server enable
- Configure a new listening port number on the SSH server.
[SSH Server] ssh server port 1025
- Connect the STelnet client to the SSH server.
# Enable the first authentication function on the SSH client upon the first login.
Enable the first authentication function for Client001.
<HUAWEI> system-view[HUAWEI] sysname client001[client001] ssh client first-time enable
Enable the first authentication function for Client002.
[client002] ssh client first-time enable
# Log in to the SSH server from Client001 in password authentication mode by entering the user name and password.
[client001] stelnet 10.1.1.1 1025
Please input the username:client001 Trying 10.1.1.1 ... Press CTRL+K to abort Connected to 10.1.1.1 ... The server is not authenticated. Continue to access it?[Y/N]:y Save the server's public key?[Y/N]:y The server's public key will be saved with the name 10.1.1.1. Please wait... Enter password:
Enter the password. The following information indicates that you have logged in successfully:
<SSH Server>
# Log in to the SSH server from Client002 in RSA authentication mode.
[client002] stelnet 10.1.1.1 1025 user-identity-key rsaPlease input the username: client002 Trying 10.1.1.1 ... Press CTRL+K to abort Connected to 10.1.1.1 ... The server is not authenticated. Continue to access it?(Y/N):y Save the server's public key?(Y/N):y The server's public key will be saved with the name 10.1.1.1. Please wait...
<SSH Server>
If the user view is displayed, you have logged in successfully. If the message "Session is disconnected" is displayed, the login fails.
- Verify the configuration.
Attackers fail to log in to the SSH server using the default listening port number 22.
[client002] stelnet 10.1.1.1
Please input the username:client002 Trying 10.1.1.1 ... Press CTRL+K to abort Error: Failed to connect to the remote host.Run the display ssh server status commands. You can see that the STelnet service has been enabled. Run the display ssh user-information command. Information about the configured SSH users is displayed.
# Check the status of the SSH server.
[SSH Server] display ssh server status
SSH version :1.99 SSH connection timeout :60 seconds SSH server key generating interval :0 hours SSH Authentication retries :3 times SFTP Server :Disable Stelnet server :Enable SSH server port :1025
# Check information about SSH users.
[SSH Server] display ssh user-information
------------------------------------------------------------------------------- Username Auth-type User-public-key-name ------------------------------------------------------------------------------- client001 password null client002 ecc ecckey001 -------------------------------------------------------------------------------
Configuration Files
SSH server configuration file
# sysname SSH Server # ecc peer-public-key rsakey001 encoding-type pem public-key-code begin ---- BEGIN SSH2 PUBLIC KEY ---- AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPpuGYYSgi2Z 19a9od59Tb9ln7nSz5TQDNLQMtfcf+7e00ePBxe7pu0k9DrdpcqcngXXzVe8l+fi TNc7+6eyUTo= ---- END SSH2 PUBLIC KEY ---- public-key-code end peer-public-key end # aaa local-user client001 password irreversible-cipher %^%#}4BB(Lcn(<VPH+J-3TqAOmr<GK}K)+m(K>+p3XWPMhMW"Re)"R3E+F-rE6*0%^%# local-user client001 privilege level 3 local-user client001 service-type ssh local-user client002 password irreversible-cipher %^%#%B*Q"+bV%8NbV(B%Oc1*^<%SUfdbMFd#O/1Jn@;&m^[_@.&ov*)Pt\5<Znz@%^%# local-user client002 privilege level 3 local-user client002 service-type ssh # ssh user client002 assign ecc-key ecckey001 ssh user client002 authentication-type ecc stelnet server enable SSH server port 1025 # user-interface vty 0 4 authentication-mode aaa user privilege level 5 protocol inbound all # return
Client001 configuration file
# sysname client001 # ssh client first-time enable # return
Client002 configuration file
# sysname client002 # ssh client first-time enable # return
- Example for Logging In to the Device Through a Console Port
- Example for Logging In to the Device Through Telnet
- Example for Logging In to the Device Through STelnet
- Example for Configuring the Device as the Telnet Client to Log In to Another Device
- Example for Configuring the Device as the STelnet Client to Log In to Another Device