Huawei CE series switches support remote management over SSH. This document describes how to configure the SSH service for secure remote login.
<CE6800> system-view
Enter system view, return to user view with return command.
[CE6800]
[CE6800] snetconf server enable
[CE6800] rsa local-key-pair create
The key modulus can be 512, 768, 1024, 2048.
Modulus [default = 1024]:
Generating keys...
A 2048-bit key is recommended for better security:
[CE6800] rsa local-key-pair create
The key modulus can be 512, 768, 1024, 2048.
Modulus [default = 1024]: 2048
Generating keys...
[CE6800] dsa local-key-pair create
The key modulus can be 512, 768, 1024.
Modulus [default = 1024]:
Generating keys...
[CE6800] aaa
[CE6800-aaa] local-user admin password cipher <password>
[CE6800-aaa] local-user admin privilege level 15
[CE6800-aaa] local-user admin service-type ssh
[CE6800-aaa] quit
Here <password> stands for the actual password.
[CE6800] aaa
[CE6800-aaa] authentication-scheme default
[CE6800-aaa-authen-default] authentication mode local
[CE6800-aaa-authen-default] quit
[CE6800-aaa] quit
[CE6800] ssh server version 2
[CE6800] ssh server port 22
[CE6800] ssh server timeout 300
[CE6800] ssh server max-connections 5
[CE6800] interface vlan-interface 1
[CE6800-Vlan-interface1] ip address 192.168.1.1 255.255.255.0
[CE6800-Vlan-interface1] quit
[CE6800] line vty 0 4
[CE6800-line-vty0-4] protocol inbound ssh
[CE6800-line-vty0-4] quit
[CE6800] save
The current configuration will be saved to the device.
Are you sure? [Y/N]: y
[CE6800] display ssh server status
[CE6800] display rsa local-key-pair public-key
[CE6800] display aaa local-user
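The 2048-bit key recommendation and the `ssh server version 2` and `protocol inbound ssh` settings shown above can be checked against a captured configuration session. The Python script below is an added example, not part of the original document or of any Huawei tooling; the `audit` function, its messages and the sample transcript are constructed for illustration.

```python
import re

# Constructed sample: a captured session in the same form as the transcripts in this document.
SAMPLE = """\
[CE6800] rsa local-key-pair create
The key modulus can be 512, 768, 1024, 2048.
Modulus [default = 1024]:
[CE6800] rsa local-key-pair create
The key modulus can be 512, 768, 1024, 2048.
Modulus [default = 1024]: 2048
[CE6800] dsa local-key-pair create
The key modulus can be 512, 768, 1024.
Modulus [default = 1024]:
[CE6800] ssh server version 2
[CE6800] line vty 0 4
[CE6800-line-vty0-4] protocol inbound ssh
"""

KEY_CMD = re.compile(r"\]\s*(rsa|dsa) local-key-pair create\s*$")
MODULUS = re.compile(r"^Modulus \[default = (\d+)\]:\s*(\d*)\s*$")
SETTING = re.compile(r"\]\s*(ssh server version|protocol inbound)\s+(\S+)\s*$")

def audit(transcript, min_bits=2048):
    """Return (line_number, message) findings for weak SSH settings."""
    findings, pending = [], None   # pending = (algorithm, line of the create command)
    for no, line in enumerate(transcript.splitlines(), 1):
        if m := KEY_CMD.search(line):
            pending = (m.group(1), no)
        elif pending and (m := MODULUS.match(line)):
            algo, at = pending
            # An empty answer means the operator pressed Enter and took the default.
            bits = int(m.group(2) or m.group(1))
            if bits < min_bits:
                findings.append((at, f"{algo.upper()} key is {bits} bits, below {min_bits}"))
            pending = None
        elif m := SETTING.search(line):
            name, value = m.groups()
            # Assumption: values other than this document's (version 2, inbound ssh) are findings.
            expected = "2" if name == "ssh server version" else "ssh"
            if value != expected:
                findings.append((no, f"'{name} {value}': expected '{expected}'"))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```

On the sample, the two key pairs created by accepting the 1024-bit default are reported, while the explicit 2048-bit RSA key is not.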
ssh admin@192.168.1.1
Use an SSH client such as PuTTY or XShell, with the following settings:
Edit the configuration file and change the user password:
[CE6800] aaa
[CE6800-aaa] local-user admin password cipher <new_password>
[CE6800-aaa] quit
Then save the configuration:
[CE6800] save
Edit the configuration file and delete the user:
[CE6800] aaa
[CE6800-aaa] undo local-user admin
[CE6800-aaa] quit
Then save the configuration:
[CE6800] save
[CE6800] undo snetconf server enable
[CE6800] save
Check the following points:
display ssh server status
display interface vlan-interface
ping 192.168.1.1
display aaa local-user
display ssh server timeout
ssh server timeout 600