华为路由器，交换机console，telnet，ssh登录方式配置，eNSP模拟

路由器交换机等网络设备现在普遍的登录方式有以下几种：

按照协议区分可以划分为三类：console口登录；telnet登录；ssh登录。

接下来我们分别对这三类登录方式进行密码配置，并对三种方式的优劣进行描述：

密码配置有两种，一种为单纯密码验证，不需要用户名，直接输入密码就可以登录。还有一种为aaa登录方式，这种需要配置用户名和密码，相比之下第二种则相对安全一些。

1、console口登录（优点本地登录配置相对比较安全，缺点不能远程通过console登录）：配置新购入设备时，第一次需要用console线连接到console口上进行连接。连接完成后我们进行密码配置。

单纯密码验证配置

第一步配置密码：

Please press enter to start cmd line!

The device has not been started!

sys

Enter system view, return user view with Ctrl+Z.

[Huawei]sys AR1

[AR1]user-in

[AR1]user-interface con

[AR1]user-interface console 0 进入console接口配置模式

[AR1-ui-console0]au

[AR1-ui-console0]authentication-mode pa

[AR1-ui-console0]authentication-mode password 设置验证模式为密码

Please configure the login password (maximum length 16):huawei 设置密码为huawei

[AR1-ui-console0]user pr

[AR1-ui-console0]user privilege le 15 设置权限级别为最高级（console配置下默认为最高级，可以不输）

[AR1-ui-console0]q

[AR1]

第二步验证密码：

AAA验证配置：

第一步配置密码：

sys

Enter system view, return user view with Ctrl+Z.

[huawei]sys

[huawei]sysname AR1

[AR1]aaa

[AR1-aaa]local-u

[AR1-aaa]local-user ceshi pa 新建本地用户为ceshi

[AR1-aaa]local-user ceshi password ci

[AR1-aaa]local-user ceshi password cipher pr 设置密码为密文模式

[AR1-aaa]local-user ceshi password cipher huawei pr 设置密码为huawei

[AR1-aaa]local-user ceshi password cipher huawei privilege le

[AR1-aaa]local-user ceshi password cipher huawei privilege level 15 设置新建用户ceshi的权限为15级最高级

Info: Add a new user.

[AR1-aaa]local

[AR1-aaa]local-user ceshi ser

[AR1-aaa]local-user ceshi service-type ter

[AR1-aaa]local-user ceshi service-type terminal 设置ceshi这个用户将服务于terminal协议

[AR1-aaa]q

[AR1]user-in

[AR1]user-interface con 0

[AR1-ui-console0]au

[AR1-ui-console0]authentication-mode aaa 配置验证方式为aaa验证

[AR1-ui-console0]q

[AR1]

第二步验证密码：

2、telnet登录（优点可以远程登录配置；验证方式配置简单。缺点数据通过明文传输，安全性不高）

单纯密码验证配置

第一步配置密码：

The device is running!

sys

Enter system view, return user view with Ctrl+Z.

[Huawei]sys AR2

[AR2]user-in

[AR2]user-interface vty 0 4

[AR2-ui-vty0-4]user pr

[AR2-ui-vty0-4]user privilege le 15 配置用户权限等级为最高等级

[AR2-ui-vty0-4]set au

[AR2-ui-vty0-4]set authentication pa

[AR2-ui-vty0-4]set authentication password ci 配置验证方式为密码认证

[AR2-ui-vty0-4]set authentication password cipher huawei 配置密码为huawei

[AR2-ui-vty0-4]pr

[AR2-ui-vty0-4]protocol inb

[AR2-ui-vty0-4]protocol inbound telnet 允许telnet协议通过

[AR2-ui-vty0-4]q

[AR2]int g0/0/0

[AR2-GigabitEthernet0/0/0]ip add 192.168.1.1 24 配置接口地址和掩码

Sep 12 2023 10:34:22-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP

on the interface GigabitEthernet0/0/0 has entered the UP state.

[AR2-GigabitEthernet0/0/0]q

[AR2]

第二步验证密码：

The device is running!

sys

Enter system view, return user view with Ctrl+Z.

[Huawei]sys AR1

[AR1]int g0/0/0

[AR1-GigabitEthernet0/0/0]ip add 192.168.1.2 24 配置接口地址和掩码

Sep 12 2023 10:35:16-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP

on the interface GigabitEthernet0/0/0 has entered the UP state.

[AR1-GigabitEthernet0/0/0]q

[AR1]q

telnet 192.168.1.1 通过telnet远程AR2

Press CTRL_] to quit telnet mode

Trying 192.168.1.1 ...

Connected to 192.168.1.1 ...

Login authentication

Password: 输入密码huawei

AAA验证配置：

第一步配置密码：

sys

Enter system view, return user view with Ctrl+Z.

[Huawei]sy AR2 改名

[AR2]int g0/0/0 进入接口g0/0/0

[AR2-GigabitEthernet0/0/0]ip add 192.168.1.1 24 配置接口地址和掩码

[AR2-GigabitEthernet0/0/0]q

[AR2]aaa 进入aaa配置模式

[AR2-aaa]loc

[AR2-aaa]local-user ceshi pa 新建本地用户ceshi

[AR2-aaa]local-user ceshi password ci 设置密码为密文

[AR2-aaa]local-user ceshi password cipher huawei pr 设置密码为huawei

[AR2-aaa]local-user ceshi password cipher huawei privilege le

[AR2-aaa]local-user ceshi password cipher huawei privilege level 15 设置当前用户命令等级为最高级

Info: Add a new user.

[AR2-aaa]local

[AR2-aaa]local-user ceshi ser

[AR2-aaa]local-user ceshi service-type telnet 设置新建用户ceshi将对telnet协议生效

[AR2-aaa]q

[AR2]user-in

[AR2]user-interface vty 0 4 进入虚拟接口0-4共五个接口

[AR2-ui-vty0-4]au

[AR2-ui-vty0-4]authentication-mode aaa 配置接口验证模式为aaa验证

[AR2-ui-vty0-4]pr

[AR2-ui-vty0-4]protocol in

[AR2-ui-vty0-4]protocol inbound telnet 配置当前接口可以通过telnet协议

[AR2-ui-vty0-4]q

[AR2]

第二步验证密码：

sys

Enter system view, return user view with Ctrl+Z.

[Huawei]sy AR1

[AR1]int g0/0/0 进入接口g0/0/0

[AR1-GigabitEthernet0/0/0]ip add 192.168.1.2 24 配置接口地址和掩码

[AR1-GigabitEthernet0/0/0]q

[AR1]q

telnet 192.168.1.1 在用户模式下测试telnet AR2

Press CTRL_] to quit telnet mode

Trying 192.168.1.1 ...

Connected to 192.168.1.1 ...

Login authentication

Username:ceshi 输入用户名ceshi

Password: 输入密码huawei（输入密码时，输入的密码不显示）

成功远程连接到AR2的设备

3、ssh登录（优点可以远程登录配置；密文传输数据，安全性高。缺点验证配置相对复杂）

AAA验证配置（ssh不支持单纯密码验证）

第一步配置密码：（在eNSP中做ssh实验时建议使用交换机）

sys

Enter system view, return user view with Ctrl+Z.

[huawei]sys LSW2

[LSW2]int vlan 1

Sep 11 2023 11:25:33-08:00 LSW2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.2

5.191.3.1 configurations have been changed. The current change number is 6, the

change loop count is 0, and the maximum number of records is 4095.

[LSW2-Vlanif1]ip add 192.168.1.1 24 进入接口vlan1配置地址和掩码

[LSW2-Vlanif1]

Sep 11 2023 11:25:44-08:00 LSW2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol I

P on the interface Vlanif1 has entered the UP state.

[LSW2-Vlanif1]q

[LSW2]

Sep 11 2023 11:25:53-08:00 LSW2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.2

5.191.3.1 configurations have been changed. The current change number is 7, the

change loop count is 0, and the maximum number of records is 4095.

[LSW2]info

[LSW2]info

[LSW2]undo info-center enable 关闭信息中心，可以不输入

Info: Information center is disabled.

[LSW2]stelnet server en 打开ssh服务

Info: Succeeded in starting the Stelnet server.

[LSW2]ssh user ceshi au 新建ssh用户名为ceshi

[LSW2]ssh user ceshi auth

[LSW2]ssh user ceshi authentication-type pa

[LSW2]ssh user ceshi authentication-type password 设置用户ceshi的验证方式为密码

Info: Succeeded in adding a new SSH user.

[LSW2]ssh user ceshi ?

assign Set the key

authentication-type Authentication type

authorization-cmd Authorization mode

service-type Set service type

sftp-directory Set SFTP directory

[LSW2]ssh user ceshi ser

[LSW2]ssh user ceshi service-type ?

all Set all service type

sftp Set SFTP service type

stelnet Set Stelnet service type

[LSW2]ssh user ceshi service-type stel

[LSW2]ssh user ceshi service-type stelnet 配置ceshi将服务ssh协议华为中ssh=stelnet

[LSW2]aaa

[LSW2-aaa]loca

[LSW2-aaa]local-user ceshi pa 新建本地用户ceshi，这里新建的用户名要与之前ssh中创建的用户名一致

[LSW2-aaa]local-user ceshi password ci

[LSW2-aaa]local-user ceshi password cipher huawei pr

[LSW2-aaa]local-user ceshi password cipher huawei privilege le

[LSW2-aaa]local-user ceshi password cipher huawei privilege level 15

Info: Add a new user.

[LSW2-aaa]local-user ceshi ser

[LSW2-aaa]local-user ceshi service-type ssh 配置新建用户ceshi将服务于那个协议

[LSW2-aaa]q

[LSW2]user-in

[LSW2]user-interface vty 0 4

[LSW2-ui-vty0-4]au

[LSW2-ui-vty0-4]aut

[LSW2-ui-vty0-4]authentication-mode aaa 配置验证方式为aaa验证

[LSW2-ui-vty0-4]pr

[LSW2-ui-vty0-4]protocol inb

[LSW2-ui-vty0-4]protocol inbound ssh 允许通过协议ssh的数据

[LSW2-ui-vty0-4]q

[LSW2]

第二步验证密码：

The device is running!

sys

Enter system view, return user view with Ctrl+Z.

[Huawei]sys

[Huawei]sysname LSW1

[LSW1]

Sep 11 2023 11:30:03-08:00 LSW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.2

5.191.3.1 configurations have been changed. The current change number is 4, the

change loop count is 0, and the maximum number of records is 4095.

[LSW1]undo info-center en 关闭信息中心，可以不用输入

Info: Information center is disabled.

[LSW1]int vlan1

[LSW1-Vlanif1]ip add 192.168.1.2 24 进入vlan1接口下配置地址和掩码

[LSW1-Vlanif1]ping 192.168.1.1 测试数据连通性

PING 192.168.1.1: 56 data bytes, press CTRL_C to break

Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=80 ms

Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=50 ms

Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=40 ms

Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=60 ms

Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=30 ms

--- 192.168.1.1 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 30/52/80 ms

[LSW1-Vlanif1]q

[LSW1]stel

[LSW1]stelnet ser en 打开ssh协议

Info: Succeeded in starting the Stelnet server.

[LSW1]ssh c

[LSW1]ssh client fi

[LSW1]ssh client first-time en 第一次使用ssh，加载ssh客户端

[LSW1]stelnet 192.168.1.1 使用ssh连接LSW2，华为中ssh=stelnet

Please input the username:ceshi 输入用户名ceshi

Trying 192.168.1.1 ...

Press CTRL+K to abort

Connected to 192.168.1.1 ...

The server is not authenticated. Continue to access it? [Y/N] :y 同意进行链接

Save the server's public key? [Y/N] :y 同意保存公共钥匙

The server's public key will be saved with the name 192.168.1.1. Please wait...

Enter password: 输入密码huawei

Info: The max number of VTY users is 5, and the number

of current VTY users on line is 1.

The current login time is 2023-09-11 11:32:58.