SSH登录协议相比TELNET会更比较安全,所以可以给交换机开启SSH,使用SSH登录需要做如下配置:
1、在服务器端生成本地密钥对:
[Quidway]rsa local-key-pair create The key name will be: Quidway_Host The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, it will take a few minutes. Input the bits in the modulus[default = 2048]:2048 Generating keys... .....................+++ ........................+++ .................................++++++++ ..........................++++++++
2、在服务器端配置VTY用户界面:
[Quidway] user-interface vty 0 4 [Quidway-ui-vty0-4] authentication-mode aaa [Quidway-ui-vty0-4] protocol inbound ssh (如果需要telnet和ssh同时开启此处需要改为:protocol inbound all) [Quidway-ui-vty0-4] quit
3、在服务器端配置ssh用户的用户名和密码
[Quidway] aaa [Quidway-aaa] local-user user1 password cipher huawei [Quidway-aaa] local-user user1 privilege level 3 [Quidway-aaa] local-user user1 service-type ssh telnet (如果需要telnet服务,此处可以加两个) [Quidway-aaa] quit
4、使能STelnet功能,并配置用户的服务类型为STelnet
[Quidway] ssh user user1 service-type stelnet [Quidway] stelnet server enable [Quidway] ssh user user1 authentication-type password [Quidway] quit