配置华为交换机ssh方式登录

LAB2： 配置SSH登陆（Passworkd认证）
1.配置VTY界面的认证方式和协议
[HW_FW]user-interface vty 0 4
[HW_FW-ui-vty0-4]authentication-mode aaa
[HW_FW-ui-vty0-4]protocol inbound ssh
2.创建SSH用户，认证方式为password
[HW_FW]ssh user sshuser
[HW_FW]ssh user sshuser authentication-type password
3.配置Client的密码为C1sco123，服务方式为ssh
[HW_FW]aaa
[HW_FW-aaa]local-user sshuser password cipher C1sco123
[HW_FW-aaa]local-user sshuser service-type ssh
4.生成密钥对
[HW_FW]rsa local-key-pair create
20:30:02 2014/06/02
The key name will be: HW_FW_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 768]:2048
Generating keys...
.......++++++
...++++++
..........................................++++++++
..............++++++++
5.启用STelent/SFTP服务
[HW_FW]stelnet server enable
[HW_FW]sftp server enable
6.启用STelnet和SFTP
[HW_FW]ssh user sshuser service-type stelnet
[HW_FW]ssh user sshuser service-type sftp
注：如果用户采用SFTP服务登录时，需要执行ssh user sftp-directory命令，配置SSH用
户的SFTP服务授权目录。
7.SSH Client通过STtelnet/SFTP方式连接SSH Server
a.第一次登录，需要激活SSH客户端首次认证功能
[R1]ssh client first-time enable
[SSH.C]stelnet 202.100.1.10
22:00:53 2014/06/02
Please input the username:sshuser
Trying 202.100.1.10 ...
Press CTRL+K to abort
Connected to 202.100.1.10 ...
The server is not authenticated. Continue to access it? [Y/N] :y
Save the server's public key? [Y/N] :y
The server's public key will be saved with the name 202.100.1.10. Please wait...
Enter password:
***********************************************************
* Copyright (C) 2010-2013 Huawei Technologies Co., Ltd. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
* Notice: *
* This is a private communication system. *
* Unauthorized access or use may lead to prosecution. *
***********************************************************
Note: The max number of VTY users is 5, and the current number
of VTY users on line is 1.
1.查看SSH状态信息
HW_FW]display ssh server status
21:19:13 2014/06/02
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 0 hours
SSH authentication retries : 3 times
SFTP server : Enable
STELNET server : Enable
2.查看SSH用户信息
[HW_FW]display ssh user-information
User 1:
User Name : cisco
Authentication-type : password
User-public-key-name : -
Sftp-directory : -
Service-type : sftp
Authorization-cmd

: No