14.3 SSH

Figure 14-10 SSH configuration network topology

1. View R3's current public keys (host and server)

[R1]display rsa local-key-pair public 
=====================================================
Time of Key pair created: 2007-08-25 16:35:02-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
  0240
    C974420D DD712C58 36A67819 362FEB9C 9C17E326
    24101B32 C272F9C9 E3CD06EB C2C73F7C BC89A0E0
    994995EF 7885F359 57B25237 3D441556 A050F823
    6087E121 
  0203
    010001

=====================================================
Time of Key pair created: 2007-08-25 17:11:59-08:00
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
  0260
    C1102C7B 2CAB4FAB CD7DCD2C 32D0CCE6 8B995872
    2AD83815 39F82B8F 2680B89C A02A8A92 655894E7
    48B382E7 B17616E5 01C1B8ED 1D5C7CC3 FFF7453F
    E0304E50 D4DBE481 E3CDF7E1 6665569A AC5DEBAE
    DC7B048B B954F568 1432935B 92AADCB5   
  0203                                    
    010001       

2. Create an RSA key pair on R3

[R3]rsa local-key-pair create 
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
........++++++++++++
.....++++++++++++
....++++++++
..++++++++

3. View R3's current public keys

[R3]display rsa local-key-pair public

=====================================================
Time of Key pair created: 2023-02-14 08:52:23-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
  0240
    BF2BAEB1 98C7A535 168F7D9A FA704D96 242CF943
    FF9D1B80 F1C40DC1 4EAFE30D C762D75A 2C4466B9
    15B74827 882922C2 211ADA95 7CD9283D F22E8CEE
    D887319D 
  0203
    010001

=====================================================
Time of Key pair created: 2023-02-14 08:52:24-08:00
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
  0260
    A46AE236 62A29E2D 66D23A25 516A2F74 93B95482
    E9551357 87B16FFB 920F53E9 92878A3B C01329CB
    58E0AC89 9EB32E62 D3B70E7D D61A0D5A 9B47328B
    3A687589 99AD3899 9242D7C1 F8A246D9 28A80468
    34275937 D7F69751 73BD027D 83591CF5   
  0203                                    
    010001      

4. On R3, set the VTY authentication mode to AAA and the inbound protocol to SSH

[R3]user-interface vty 0 4
[R3-ui-vty0-4]authentication-mode aaa 
[R3-ui-vty0-4]protocol inbound ssh
[R3]aaa
[R3-aaa]local-user dsrw.com password cipher dsrw
//Create local user dsrw.com
[R3-aaa]local-user dsrw.cn password cipher dsrw
//Create local user dsrw.cn
[R3-aaa]local-user dsrw.com privilege level 3
//Set the user privilege level
[R3-aaa]local-user dsrw.cn privilege level 3
//Set the user privilege level
[R3-aaa]local-user dsrw.com service-type ssh
//Set the login service type to SSH
[R3-aaa]local-user dsrw.cn service-type ssh
//Set the login service type to SSH
[R3]ssh user dsrw.com authentication-type password
//Set the SSH authentication type to password
[R3]ssh  user dsrw.cn authentication-type rsa
//Set the SSH authentication type to rsa
[R3]stelnet server enable
//Enable the STelnet service
[R3]ssh server port 1025
//Change the listening port

5. Log in from R1 as dsrw.com

[R1]ssh client first-time enable
[R1]stelnet 123.1.1.3 1025
Please input the username:dsrw.com
Trying 123.1.1.3 ...
Press CTRL+K to abort
Connected to 123.1.1.3 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Feb 14 2023 09:07:39-08:00 R1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server had not been authenticated in the process of exchanging keys. When deciding whether to continue, the user chose Y. 
[R1]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 123.1.1.3. Please wait...

Feb 14 2023 09:07:43-08:00 R1 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding whether to save the server's public key 123.1.1.3, the user chose Y. 
[R1]
Enter password:
<R3>

6. Create an RSA key pair on R2

[R2]rsa local-key-pair create 
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
...++++++++++++
..............++++++++++++
..............++++++++
.........++++++++

7. View and copy the Host public key

[R2]display rsa local-key-pair public 

=====================================================
Time of Key pair created: 2023-02-14 09:09:28-08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
  0240
    BE7D0639 11C2D2C7 97CB4660 034DAF94 4A4524E7
    9549947D 50DE8462 C29CFE63 940C5C0F 610B3C6D
    54593200 C943BC7C CD809611 DFBAF5B4 F4AEBC1C
    4AC484EF 
  0203
    010001

=====================================================
Time of Key pair created: 2023-02-14 09:09:30-08:00
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
  0260
    C7BF8242 31AD0941 3263CA3F 955B3BD0 B31A1625
    D4522F95 5ABDA7E8 E26BCC0A 42048E0A 5058CEEF
    230F2720 EC3092CD 60003301 9B46FB2E 1D01D530
    E3121D7C 43EDDB4A 67235FB1 927037FD E1753989
    FEDC9C47 5513827C 94FD22F2 3ADF960F   
  0203                                    
    010001 

9. On R3, create the file that stores R2's public key

[R3]rsa peer-public-key dsrw
[R3-rsa-public-key]public-key-code begin 
Enter "RSA key code" view, return last view with "public-key-code end".
[R3-rsa-key-code]3047
[R3-rsa-key-code]
[R3-rsa-key-code]  0240
[R3-rsa-key-code] 
[R3-rsa-key-code]    BE7D0639 11C2D2C7 97CB4660 034DAF94 4A4524E7
[R3-rsa-key-code]
[R3-rsa-key-code]    9549947D 50DE8462 C29CFE63 940C5C0F 610B3C6D
[R3-rsa-key-code]
[R3-rsa-key-code]    54593200 C943BC7C CD809611 DFBAF5B4 F4AEBC1C
[R3-rsa-key-code]
[R3-rsa-key-code]    4AC484EF
[R3-rsa-key-code]
[R3-rsa-key-code]  0203
[R3-rsa-key-code]
[R3-rsa-key-code]    010001
[R3-rsa-key-code]public-key-code end
[R3-rsa-public-key]peer-public-key end 
Figure 14-11 Creating the key file

10. Pair the login account with the public key file

[R3]ssh user dsrw.cn assign rsa-key dsrw

11. R2 logs in over SSH with the dsrw.cn account without a password

[R2]ssh client first-time enable 
[R2]stelnet 123.1.1.3 1025
Please input the username:dsrw.cn
Trying 123.1.1.3 ...
Press CTRL+K to abort
Connected to 123.1.1.3 ...
<R3>
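
The Key code blocks shown in steps 1, 3 and 7 are a DER-style RSA public key: 30 SEQUENCE, then 02 INTEGER for the modulus and 02 INTEGER for the exponent (010001 = 65537). The following Python is an added example, not part of the original page or of the vendor's tooling: it decodes a pasted key code, reports the modulus size (the default accepted in steps 2 and 6 is 512 bits) and computes a SHA-256 digest that can be compared out of band before answering y in step 5 or after pasting the key in step 9. MIN_BITS, the function names and the digest format are assumptions of this example.

```python
import hashlib

# Host key code copied from the step 7 output on this page (R2's Host key).
R2_HOST_KEY_CODE = """
3047
  0240
    BE7D0639 11C2D2C7 97CB4660 034DAF94 4A4524E7
    9549947D 50DE8462 C29CFE63 940C5C0F 610B3C6D
    54593200 C943BC7C CD809611 DFBAF5B4 F4AEBC1C
    4AC484EF
  0203
    010001
"""
MIN_BITS = 2048  # assumed policy floor; also the top of the range the prompt offers


def _read_tlv(buf, pos, expected_tag):
    """Read one DER tag-length-value item; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError(f"expected tag {expected_tag:#04x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of key code")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Decode a 'Key code' block into modulus size, exponent and digest."""
    der = bytes.fromhex("".join(text.split()))   # whitespace layout is ignored
    body, end = _read_tlv(der, 0, 0x30)          # SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    modulus, pos = _read_tlv(body, 0, 0x02)      # INTEGER n
    exponent, pos = _read_tlv(body, pos, 0x02)   # INTEGER e
    if pos != len(body):
        raise ValueError("unexpected extra fields")
    # The display omits DER's leading 00 sign byte, so read n as unsigned.
    bits = int.from_bytes(modulus, "big").bit_length()
    return {"bits": bits, "exponent": int.from_bytes(exponent, "big"),
            "sha256": hashlib.sha256(der).hexdigest(), "weak": bits < MIN_BITS}
```

Running parse_key_code on the key pasted into R3 in step 9 and on the key displayed on R2 in step 7 should give the same digest; a mismatch means the copy was altered or mistyped.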