Huawei SSH, console configuration

Set Console password

* ****************************

User-interface Console 0

Authentication-mode Password

Set Authentication Password Cipher * * *

***********************************

Delete Default User

* ***********************************

User-interface vty 0 4

Undo Set Authentication Password

Undo User Privilege Level

Create an SSH user *

******************

RSA Local-key-pair Create

User-interface vty 0 4

User Privilege Level 3

Authentication-mode

AAA Protocol Inbound SSH

SSH user admin

SSH user admin authentication-type password

Stelnet Server Enable

SSH user admin Service-type stelnet AAA

Local-user Admin Password Cipher * * *

Local-user admin Service-type SSH

add an SSH user *

***************************

SSH User * * * authentication-type password

SSH User * * * service-type stelnet

AAA Local-user * * * Password cipher * * *

Local-user * * * service-type SSH

Local-user Guest Level 1 (requires this command when creating a guest user)

AAA Undo Local-user * * *

****************************

SSH ACL Settings *

****************************

ACL number 2001 rule permit source IP address or network address

Rule deny User-interface vty 0 4

ACL 2001 Inbound

ACL number 2001

Undo Rule 10

Rule Ten permit source 10.3.0.0 0.0.0.255

-------------------------------------------------------------------------

3. configuration steps (SSH authentication method is password authentication)

[Quidway] RSA Local-key-pair Create

& Note: You can skip this operation if you have previously completed the configuration to generate a local key pair.

[Quidway] user-interface vty 0 4

[Quidway-ui-vty0-4] Authentication-modescheme

[quidway-ui-vty0-4] Protocol inbound SSH

[Quidway] Local-user client001

[quidway-luser-client001] Password Simplehuawei

[quidway-luser-client001] Service-type SSH

[Quidway] SSH user client001authentication-type password

SSH Authentication Timeout, number of retries, and server key update time can take system defaults, and after these configurations are complete, you can run SSH1.5 client software on other terminals connected to the Ethernet switch , with the user name client001, password Huawei, has access to the Ethernet switch.

[Email protected] ~]#
on the switchSystem-viewgenerate local key under View,the number of digits is1024
[H3C]Rsalocal-key-pair Create
The Local-key-pair would be created.
The range of public key size is (512 ~ 2048).
Notes:if the key modulus is greater than 512,
It'll take a few minutes.
Input the bits in the Modulus[default = 1024]:
Generating keys ...
......++++++
........................++++++
.. done!
[H3C]
OK,we can do it now .SSHto the switch..


attachedH3CSwitchSSHthe basic configuration.
Local-user Root
Password Simple 66070511
Service-type ssh telnet
Level 3
SSH user root Authentication-type All
SSH user root Service-type stelnet
#
User-interface aux 0
User-interface vty 0 4
Authentication-mode scheme
User Privilege Level 3
Protocol Inbound SSH
#

H3C Engineer Configuration

& Description:

If you have previously completed the configuration to generate the local key, you can skip this step.

(2) set the user login authentication method.

The following two authentication methods are configured separately.

L Password certification.

# Set the authentication mode on the user interface to AAA authentication.

[Quidway] user-interface vty 0 4

[Quidway-ui-vty0-4] Authentication-modescheme

# The login protocol for the specified user client001 is SSHand the authentication method is password.

[quidway-ui-vty0-4] Protocol INBOUNDSSH// can not be configured here , the default is to support all , including ssh,telnet, etc. , Default All ( otherwise SSH cannot log in)

[Quidway] Local-user client001

[quidway-luser-client001] Password Simplehuawei

[Quidway] SSH user client001authentication-type password

6500 Some software versions can only support the version of SSH is 1.5, please select the correct client version when using. Currently only supported as SSH server, not as an ssh client, 31XX version can support SSH2.0, can be used as server and client.

2300 Series Support ssh1.x

This article is from the "Five Corners" blog, please be sure to keep this source http://hi289.blog.51cto.com/4513812/1832549

Huawei SSH, console configuration