MSR30-16 ssh 配置命令
//生成1024位的rsa本地密钥对
[H3C]public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:1024
Generating Keys...
+++++++++++
+++++++++++++++++++++++++
+++++
+++++++++
MSR关键配置脚本
//并发配置用户数量为5
[H3C]configure-user count 5
//用于登录的用户名root、密码root和登录类型SSH、登录优先级3
[H3C]local-user root
[H3C-luser-root]password simple root
[H3C-luser-root]service-type ssh
[H3C-luser-root]authorization-attribute level 3
//SSH服务器配置,
[H3C]ssh server enable
//SSH用户client1的服务类型为stelnet,即安全Telnet,使用密码认证方式
[H3C]ssh user client1 service-type stelnet authentication-type password
[H3C]user-interface vty 0 4
//vty登录用户需要进行aaa认证
[H3C-ui-vty0-4]authentication-mode scheme
------------------------------------------------------------------------------------------------------------------------------------------2010-08-27 12:39
配置Router作为SSH服务器
1] 生成RSA及DSA密钥对,并启动SSH服务器。
<Router> system-view
[Router] public-key local create rsa
[Router] public-key local create dsa
[Router] ssh server enable
2] 配置接口Ethernet1/1的IP地址,客户端将通过该地址连接SSH服务器。
[Router] interface GigabitEthernet0/3
[Router-GigabitEthernet0/3] ip address 172.21.33.253 255.255.255.128
[Router-GigabitEthernet0/3] quit
3] 设置SSH客户端登录用户界面的认证方式为AAA认证。
[Router] user-interface vty 0 4
[Router-ui-vty0-4] authentication-mode scheme
[Router-ui-vty0-4] protocol inbound ssh
[Router-ui-vty0-4] quit
# 创建本地用户client001,并设置用户访问的命令级别为3。
[Router] local-user ssh01
[Router-luser-ssh01] password cihper xxxxx
[Router-luser-ssh01] service-type ssh
[Router-luser-ssh01] authorization-attribute level 3
[Router-luser-ssh01] quit
附:H3C MSR5006配置
#
version 5.20, Release 1809P01
#
sysname Router
#
super password level 3 cipher V0T^_X)GN+OQ=^Q`MAF4<1!!
#
domain default enable system
#
dar p2p signature-file flash:/p2p_default.mtd
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
---- More ---- [16D [16D authorization-attribute level 3
service-type telnet
local-user ssh01
password cipher ,-Z#Q<W,PK3Q=^Q`MAF4<1!!
authorization-attribute level 1
service-type ssh
#
interface Aux0
async mode flow
link-protocol ppp
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
#
interface GigabitEthernet0/2
port link-mode route
#
interface GigabitEthernet0/3
---- More ---- [16D [16D port link-mode route
ip address 172.21.33.253 255.255.255.128
#
interface GigabitEthernet0/0
port link-mode bridge
#
ssh server enable
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
protocol inbound ssh
#
return
[Router]
