Set Console password
* ****************************
User-interface Console 0
Authentication-mode Password
Set Authentication Password Cipher * * *
***********************************
Delete Default User
* ***********************************
User-interface vty 0 4
Undo Set Authentication Password
Undo User Privilege Level
Create an SSH user *
******************
RSA Local-key-pair Create
User-interface vty 0 4
User Privilege Level 3
Authentication-mode
AAA Protocol Inbound SSH
SSH user admin
SSH user admin authentication-type password
Stelnet Server Enable
SSH user admin Service-type stelnet AAA
Local-user Admin Password Cipher * * *
Local-user admin Service-type SSH
add an SSH user *
***************************
SSH User * * * authentication-type password
SSH User * * * service-type stelnet
AAA Local-user * * * Password cipher * * *
Local-user * * * service-type SSH
Local-user Guest Level 1 (requires this command when creating a guest user)
AAA Undo Local-user * * *
****************************
SSH ACL Settings *
****************************
ACL number 2001 rule permit source IP address or network address
Rule deny User-interface vty 0 4
ACL 2001 Inbound
ACL number 2001
Undo Rule 10
Rule Ten permit source 10.3.0.0 0.0.0.255
-------------------------------------------------------------------------
3. configuration steps (SSH authentication method is password authentication)
[Quidway] RSA Local-key-pair Create
& Note: You can skip this operation if you have previously completed the configuration to generate a local key pair.
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] Authentication-modescheme
[quidway-ui-vty0-4] Protocol inbound SSH
[Quidway] Local-user client001
[quidway-luser-client001] Password Simplehuawei
[quidway-luser-client001] Service-type SSH
[Quidway] SSH user client001authentication-type password
SSH Authentication Timeout, number of retries, and server key update time can take system defaults, and after these configurations are complete, you can run SSH1.5 client software on other terminals connected to the Ethernet switch , with the user name client001, password Huawei, has access to the Ethernet switch.
[Email protected] ~]#
on the switchSystem-viewgenerate local key under View,the number of digits is1024
[H3C]Rsalocal-key-pair Create
The Local-key-pair would be created.
The range of public key size is (512 ~ 2048).
Notes:if the key modulus is greater than 512,
It'll take a few minutes.
Input the bits in the Modulus[default = 1024]:
Generating keys ...
......++++++
........................++++++
.. done!
[H3C]
OK,we can do it now .SSHto the switch..
attachedH3CSwitchSSHthe basic configuration.
Local-user Root
Password Simple 66070511
Service-type ssh telnet
Level 3
SSH user root Authentication-type All
SSH user root Service-type stelnet
#
User-interface aux 0
User-interface vty 0 4
Authentication-mode scheme
User Privilege Level 3
Protocol Inbound SSH
#
H3C Engineer Configuration
& Description:
If you have previously completed the configuration to generate the local key, you can skip this step.
(2) set the user login authentication method.
The following two authentication methods are configured separately.
L Password certification.
# Set the authentication mode on the user interface to AAA authentication.
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] Authentication-modescheme
# The login protocol for the specified user client001 is SSHand the authentication method is password.
[quidway-ui-vty0-4] Protocol INBOUNDSSH// can not be configured here , the default is to support all , including ssh,telnet, etc. , Default All ( otherwise SSH cannot log in)
[Quidway] Local-user client001
[quidway-luser-client001] Password Simplehuawei
[Quidway] SSH user client001authentication-type password
6500 Some software versions can only support the version of SSH is 1.5, please select the correct client version when using. Currently only supported as SSH server, not as an ssh client, 31XX version can support SSH2.0, can be used as server and client.
2300 Series Support ssh1.x
This article is from the "Five Corners" blog, please be sure to keep this source http://hi289.blog.51cto.com/4513812/1832549
Huawei SSH, console configuration