华为华三思科交换机设置SSH登录
华为交换机:
1.开启stelnet服务
2.生成本地密钥对;
3.配置远程登录的认证模式aaa和远程登录的协议ssh
3.配置aaa的本地用户用户supadmin(设置密码、命令级别、服务类型);
4.配置SSH用户supadmin认证类型为password和服务类型为STelnet;
sy
stelnet server enable
rsa local-key-pair create
2048
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
aaa
local-user supadmin password cipher [emailprotected]
local-user supadmin privilege level 3
local-user supadmin service-type ssh
ssh user supadmin authentication-type password
ssh user supadmin service-type stelnet
华三交换机:
1.开启ssh服务
2.生成本地密钥对;
3.配置远程登录的认证模式scheme(aaa)和远程登录的协议ssh
3.配置aaa的本地用户用户supadmin(设置密码、命令级别、服务类型);
4.配置SSH用户supadmin认证类型为password和服务类型为STelnet;
sy
ssh server enable
public-key local create rsa
2048
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh
local-user supadmin
password simple [emailprotected]
authorization-attribute level 3
service-type ssh
ssh user supadmin service-type stelnet authentication-type password
需要限制远程管理的IP的情况下,需要设置一个acl(看情况)华为为例:
acl 3000
rule permit ip source 192.18.88.1 0.0.0.0
rule permit ip source 172.16.66.0 0.0.0.255
user-int vty 0 4
acl 3000 inbound
思科交换机:
enable
configure terminal
enable sec [emailprotected]
hostname SW1
ip ssh time-out 60
ip ssh authentication-retries 3
ip domain-name
crypto key generate rsa
2048
username supadmin secret [emailprotected]
line vty 0 4
transport input ssh
login local
说明:基本上可以认为相同密钥长度的 RSA 算法与 DSA 算法安全性相当,二选一。
华为华三思科交换机设置SSH登录
