
SSH Lab (Implemented with the eNSP Simulator)

Author: @小白创作中心

Source: CSDN, https://blog.csdn.net/weixin_46008548/article/details/140476195

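SSH (Secure Shell) is an encrypted network protocol for logging in to and managing network devices remotely and securely. This article uses the eNSP simulator to walk through configuring the SSH service on a router: creating a key pair, enabling the SSH server process, setting the AAA parameters, and connecting from a client.

Concepts

SSH stands for Secure Shell. The protocol was designed to replace remote management protocols that offer no confidentiality. SSH builds an encrypted channel on top of TCP, and the client uses the server's RSA public key to verify the identity of the SSHv2 server.

Creating the key pair

Create a local key pair on the router that acts as the SSH server. In this example AR1 is the server and AR4 is the client.

A key pair consists of a public key and a private key: data encrypted with the public key is decrypted with the private key. The server gives its public key to the client; once the client has encrypted data with that public key, only the server's private key can decrypt it, which keeps the data secure.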

[AR1]rsa local-key-pair create  
The key name will be: Host  
% RSA keys defined for Host already exist.  
Confirm to replace them? (y/n)[n]:y  
The range of public key size is (512 ~ 2048).  
NOTES: If the key modulus is greater than 512,  
It will take a few minutes.  
Input the bits in the modulus[default = 512]:512  
Generating keys...  
.............++++++++++++  
.++++++++++++  
................................................................................  
.................++++++++  
.........++++++++  

Enabling the SSH server process

The SSH service is disabled on the router by default and has to be enabled manually.

[AR1]stelnet server enable  
Info: Succeeded in starting the STELNET server.  

Changing the inbound protocol on the VTY virtual interfaces

SSH supports only the AAA authentication mode.

[AR1]user-interface vty 0 4  
[AR1-ui-vty0-4]authentication-mode aaa  
# Change the inbound protocol accepted on the VTY interfaces to SSH  
[AR1-ui-vty0-4]protocol inbound ssh  

Setting the AAA parameters

Create a user named user1 with the password huawei.

[AR1]aaa  
[AR1-aaa]local-user user1 password cipher huawei  
Info: Add a new user.  
# Specify the protocol this user may use: SSH only  
[AR1-aaa]local-user user1 service-type ssh  

Setting the SSH authentication type

[AR1]ssh user user1 authentication-type ?  
all All authentication, password or RSA  
password Password authentication  
password-rsa Both password and RSA  
rsa RSA authentication  
[AR1]ssh user user1 authentication-type password  
Authentication type setted, and will be in effect next time  

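AR4 (client) connecting to AR1 (server)

On the first connection attempt the system reports an error and asks the administrator to run "ssh client first-time enable" to turn on the first-time access function. Without this command the client cannot save the public key that the server sends, so the command is indispensable on the SSH client.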

[AR4]stelnet 192.168.28.1  
Please input the username:user1  
Trying 192.168.28.1 ...  
Press CTRL+K to abort  
Connected to 192.168.28.1 ...  
Error: Failed to verify the server's public key.  
Please run the command "ssh client first-time enable"to enable the first-time ac  
cess function and try again.  
# The attempt above fails with an error  
# Enable the SSH first-time access function and connect to the SSH server  
[AR4]ssh client first-time enable  
[AR4]stelnet 192.168.28.1  
Please input the username:user1  
Trying 192.168.28.1 ...  
Press CTRL+K to abort  
Connected to 192.168.28.1 ...  
The server is not authenticated. Continue to access it? (y/n)[n]:y  
Mar 28 2023 17:25:32-08:00 AR4 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server h  
ad not been authenticated in the process of exchanging keys. When deciding wheth  
er to continue, the user chose Y.  
[AR4]  
Save the server's public key? (y/n)[n]:y  
The server's public key will be saved with the name 192.168.28.1. Please wait...  
Mar 28 2023 17:25:34-08:00 AR4 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding whet  
her to save the server's public key 192.168.28.1, the user chose Y.  
[AR4]  
Enter password:  
<AR1>  

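Checking the SSH status and SSH sessions

Check the SSH status on the server. The output shows the SSH version and whether the SSH functions are enabled.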

[AR1] display ssh server status  
SSH version :1.99  
SSH connection timeout :60 seconds  
SSH server key generating interval :0 hours  
SSH Authentication retries :3 times  
SFTP Server :Disable  
Stelnet server :Enable  

Viewing sessions

[AR1] display ssh server session  
--------------------------------------------------------------------  
Conn Ver Encry State Auth-type Username  
--------------------------------------------------------------------  
VTY 1 2.0 AES run password user1  
--------------------------------------------------------------------  
[AR1]  
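
The lab outputs above contain several settings worth flagging before this configuration is reused outside a simulator: a 512-bit host key, a server version of 1.99, password-only authentication, and first-time access on the client. The Python check below is an added example, not part of the original article or of any Huawei tooling; the `audit` function, its check IDs and the 2048-bit threshold are assumptions made for illustration, and the sample transcript is constructed from the outputs shown on this page.

```python
import re

# Constructed sample: lines taken from the lab outputs shown on this page.
SAMPLE = """\
Input the bits in the modulus[default = 512]:512
[AR1]ssh user user1 authentication-type ?
[AR1]ssh user user1 authentication-type password
Please run the command "ssh client first-time enable"to enable the first-time ac
[AR4]ssh client first-time enable
SSH version :1.99
Stelnet server :Enable
"""

MIN_RSA_BITS = 2048  # assumption: smallest modulus accepted outside a lab


def audit(transcript):
    """Return (check_id, detail) findings for a VRP SSH lab transcript."""
    findings = []

    # Key size: an empty answer at the prompt means the default was accepted.
    m = re.search(r"bits in the modulus\[default = (\d+)\]:[ \t]*(\d*)", transcript)
    if m:
        bits = int(m.group(2) or m.group(1))
        if bits < MIN_RSA_BITS:
            findings.append(("weak-rsa-key", f"{bits}-bit host key"))

    # A server reporting 1.99 also accepts SSH 1.x clients (RFC 4253, 5.1).
    m = re.search(r"SSH version\s*:\s*([\d.]+)", transcript)
    if m and m.group(1) != "2.0":
        findings.append(("ssh1-compat", f"server version {m.group(1)}"))

    # Password-capable authentication types; the "?" help query is skipped.
    for user, kind in re.findall(r"ssh user (\S+) authentication-type (\S+)", transcript):
        if kind in ("password", "all"):
            findings.append(("password-auth", f"{user} uses {kind}"))

    # Match only the command at a prompt, not the error text that quotes it.
    if re.search(r"^\[[^\]]+\]\s*ssh client first-time enable\s*$", transcript, re.M):
        findings.append(("tofu", "first server key is saved unverified"))

    return findings


if __name__ == "__main__":
    for check_id, detail in audit(SAMPLE):
        print(f"{check_id}: {detail}")
```

Each finding maps to a choice visible in the transcript: the modulus entered at the key-generation prompt, the version line of `display ssh server status`, the `authentication-type` selected for user1, and the client accepting the server key without prior verification.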