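I. Local-user Telnet login management (simulator lab)
1. Before configuring, add an Ethernet interface. By default it is bridged to the local network adapter (recommended: add a Microsoft logical adapter, disable the local physical network adapter, and bridge to the logical adapter instead). Alternatively, edit the router's configuration file "hardcfg.tcl", add the line "AddEthernet -index 1", and then start the router.
<H3C>format flash: //flash must be formatted before data can be saved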
All data on flash: will be lost , proceed with format ? [Y/N]:y
./
%Format flash: completed.
<H3C>system-view
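[H3C]telnet server enable //enable the Telnet service
[H3C]password-control length 4 //the default password length is 10; set it to 4 here
[H3C]local-user zzx //add a user
New local user added.
[H3C-luser-zzx]password simple admin //password
Updating user(s) information, please wait....
[H3C-luser-zzx]service-type telnet level 3 //service type, with privilege level 3, i.e. the management level (on some versions the command is authorization-attribute level 3)
[H3C-luser-zzx]quit
[H3C]user-interface vty 0 4 //allow 5 users to be logged in at the same time
[H3C-ui-vty0-4]authentication-mode scheme //authenticate with user name and password
[H3C-ui-vty0-4]quit
[H3C]inter Ethernet 0/1/0 //configure the interface address
[H3C-Ethernet0/1/0]ip add 192.168.10.10 255.255.255.0
By default, a user who logs in to the device via Telnet and passes password authentication can only use level 0 commands. To use level 1, 2 or 3 commands, configure super password xxxx.
Alternatively, use password authentication: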
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode password
[H3C-ui-vty0-4] set authentication password cipher 123
[H3C-ui-vty0-4] user privilege level 2 //specify the level here
II. Local-user console login management
(Differences)
[H3C-luser-zzx]service-type terminal //set the service type to terminal
[H3C]user-interface con 0
[H3C-ui-console0]authentication-mode scheme //use scheme authentication
III. SSH login management
1. Password authentication
[H3C]local-user zzx //create a local account
[H3C-luser-zzx]password simple zzx123
[H3C-luser-zzx]service-type ssh //service type is ssh
[H3C-luser-zzx]level 3 //level 3
[H3C]inter Ethernet 0/1/0 //configure the interface address
[H3C-Ethernet0/1/0]ip add 192.168.10.10 255.255.255.0
[H3C]ssh server enable //enable the SSH service
[H3C]ssh user zzx service-type stelnet authentication-type password //the service type of SSH user zzx is stelnet, i.e. secure Telnet, with password authentication
[H3C]public-key local create rsa //generate the local key pair and specify the key length
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
...++..++...++..++...++...++...++..++.+++++++++.+++++++
Try connecting; the result is as follows:
2. Public-key authentication
[H3C]public-key local create rsa //generate a 1024-bit RSA local key pair
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
...++..++...++..++...++...++...++..++.+++++++++.+++++++
<H3C>tftp 192.168.10.1 get Identity.pub //import the public key (the public key was created with SecureCRT)
File will be transferred in binary mode
Downloading file from remote TFTP server, please wait...\
TFTP: 360 bytes received in 0 second(s)
File downloaded successfully.
<H3C>dir
Directory of flash:/
0 drw- - Mar 12 2013 13:11:12 logfile
1 -rw- 360 Mar 12 2013 15:17:09 identity.pub
2540 KB total (2507 KB free)
[H3C]public-key peer sshpub import sshkey Identity.pub //convert the imported public key into the RSA-format key sshpub
[H3C]ssh server enable
[H3C]ssh user zzx service-type stelnet authentication-type publickey assign publickey sshpub
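//the service type of SSH user zzx is stelnet with public-key authentication, and the generated public key sshpub is assigned to this user name
When logging in, uncheck the "Password" option.
IV. Telnet authentication via RADIUS
[H3C]telnet server enable //enable the Telnet server; it is disabled by default and must be enabled
[H3C]radius scheme telnetlogin //create a RADIUS scheme
[H3C-radius-telnetlogin]primary authentication 192.168.10.1 //configure the authentication server address and shared key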
[H3C-radius-telnetlogin]key authentication test
[H3C-radius-telnetlogin]user-name-format without-domain
[H3C-radius-telnetlogin]server-type standard
//Telnet users are of the login type; reference RADIUS scheme telnetlogin, without accounting
[H3C]domain system
[H3C-isp-system]authentication login radius-scheme telnetlogin
[H3C-isp-system]authorization login radius-scheme telnetlogin
[H3C-isp-system]accounting optional
//use scheme authentication
[H3C]user-interface vty 0 4
[H3C-ui-vty0-4]authentication-mode scheme
Then configure the corresponding interface.
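As an added example (not part of the original tutorial and not H3C tooling), the following Python script reads a pasted CLI session like the ones above, separates commands from device output by their prompt, and lists the login settings a reviewer would want to revisit before the lab configuration is reused elsewhere. The function names, the finding wording and the sample session are assumptions made for this example.

```python
import re

# Prompt such as <H3C> or [H3C-luser-zzx]; the part after "H3C-" names the view.
PROMPT = re.compile(r"^\s*[<\[]H3C(?:-([^\]>]+))?[>\]]\s*")
MIN_LEN_DEFAULT = 10  # default password length stated on this page

def parse(session):
    """Yield (line_no, view, command) for every CLI line in a pasted session."""
    for no, raw in enumerate(session.splitlines(), 1):
        m = PROMPT.match(raw)
        if not m:
            continue  # device output or prose, not a command
        cmd = raw[m.end():].split("//", 1)[0].strip()  # drop the trailing comment
        if cmd:
            yield no, m.group(1) or "top", cmd

def audit(session):
    """Return a list of (line_no, finding) for login settings worth reviewing."""
    findings = []
    for no, view, cmd in parse(session):
        if cmd == "telnet server enable":
            findings.append((no, "telnet enabled: logins cross the network unencrypted"))
        elif m := re.fullmatch(r"password-control length (\d+)", cmd):
            if int(m.group(1)) < MIN_LEN_DEFAULT:
                findings.append((no, f"password length lowered to {m.group(1)}"))
        elif cmd.startswith("password simple ") and view.startswith("luser-"):
            user = view[len("luser-"):]
            findings.append((no, f"user {user}: password set with 'simple' (plain-text form)"))
        elif m := re.fullmatch(r"ssh user (\S+) .*authentication-type password", cmd):
            findings.append((no, f"ssh user {m.group(1)}: password authentication, not publickey"))
    return findings

# Constructed sample: commands taken from the sessions on this page.
SAMPLE = """\
[H3C]telnet server enable //enable telnet
[H3C]password-control length 4
[H3C]local-user zzx
New local user added.
[H3C-luser-zzx]password simple admin
[H3C]ssh user zzx service-type stelnet authentication-type password
[H3C]ssh user zzx service-type stelnet authentication-type publickey assign publickey sshpub
"""

if __name__ == "__main__":
    for no, text in audit(SAMPLE):
        print(f"line {no}: {text}")
```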