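Remote Login Configuration for Huawei, H3C, Cisco, and Ruijie Network Devices
Contents
1. Huawei Stelnet login configuration
2. H3C Stelnet login configuration
3. Cisco SSH login configuration
4. Ruijie SSH login configuration
1. Huawei Stelnet login configuration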
#Check the SSH server status#
[Server]dis ssh server status
SSH Version : 2.0
SSH authentication timeout (Seconds) : 60
SSH authentication retries (Times) : 3
SSH server key generating interval (Hours) : 0
SSH version 1.x compatibility : Disable
SSH server keepalive : Enable
STELNET IPv4 server : Disable
STELNET IPv6 server : Disable
SSH port forwarding : Disable
SSH IPv4 server port : 22
SSH IPv6 server port : 22
#Enable the Stelnet service#
[Server]stelnet server enable
Info: Succeeded in starting the STelnet server.
Warning: After configuring the source interface or source address, the IPV4/IPV6 listening socket will be created.
#Check the SSH status again; the STELNET service is now enabled#
[Server]dis ssh server status
SSH Version : 2.0
SSH authentication timeout (Seconds) : 60
SSH authentication retries (Times) : 3
SSH server key generating interval (Hours) : 0
SSH version 1.x compatibility : Disable
SSH server keepalive : Enable
STELNET IPv4 server : Enable
STELNET IPv6 server : Enable
SSH port forwarding : Disable
SSH IPv4 server port : 22
SSH IPv6 server port : 22
#Create a user and set its password in the aaa view#
[Server-aaa]local-user admin password irreversible-cipher Huawei@123
Error: The username length must be greater than or equal to six characters.
#The error above comes from the strict user-name check; the strict user-name check has to be disabled here#
[Server-aaa]local-aaa-user user-name complexity-check disable
Warning: Local user name complexity check has been disabled, there is a security risk.
#Create the user and set its password again; this time it succeeds#
[Server-aaa]local-user admin password irreversible-cipher Huawei@123
Info: The initial password of admin must be changed during login.
#Configure the service types the user needs to access#
[Server-aaa]local-user admin service-type ?
ftp FTP user
http HTTP user
snmp Snmp user
ssh SSH user
telnet Telnet user
terminal Terminal user
[Server-aaa]local-user admin service-type ssh terminal telnet http
#Set the user's privilege level#
[Server-aaa]local-user admin privilege level 3
Warning: This operation may affect online users and will change the user privilege level, Continue? [Y/N]:y
#Display the complete configuration in the aaa view#
[Server-aaa]dis this
aaa
local-aaa-user user-name complexity-check disable
local-user admin password irreversible-cipher $1d$kwi;U'G~XFBS{a6w$myBP2oMUKOs,TOM|LN\1-&ExSiYx-1zqn$.Wjk.W$
local-user admin privilege level 3
local-user admin service-type telnet terminal ssh http
#In the VTY view, set the authentication mode to aaa and the inbound protocol to SSH#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#Globally define the SSH user's authentication type and service type#
[Server]ssh user admin authentication-type password
Info: Succeeded in adding a new SSH user.
[Server]ssh user admin service-type stelnet
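#By default all ports of the SSH service are closed, so the SSH service ports must be opened. On some versions they are not closed by default#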
undo ssh server-source all-interface
undo ssh ipv6 server-source all-interface
[Server]ssh server-source all-interface
#Test Stelnet from the Client#
[Client]stelnet 10.0.1.1
Trying 10.0.1.1 ...
Press CTRL + K to abort
Connected to 10.0.1.1 ...
Error: Failed to verify the server's public key.Use command "ssh client first-time enable" enable first-time
or use "-force-receive-pubkey" option in this command and try again.
Info: Session is disconnected.
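#If the error above appears, enable the following function on the Client. This is only needed on Huawei switches; PC terminals and other vendors' products can connect directly#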
[Client]ssh client first-time enable
#Test Stelnet from the Client again#
[Client]stelnet 10.0.1.1
Trying 10.0.1.1 ...
Press CTRL + K to abort
Connected to 10.0.1.1 ...
The server's key fingerprint is ssh-rsa 3072 O+309N1uJOyBoKzCxFNqlysdjDJHmdsgu2pbOjDeBhg.
The server is not authenticated. Continue to access it? [Y/N]: y
Save the server's public key? [Y/N]: n
Please input the username: admin
Enter password:
Warning: The initial password poses security risks.
The password needs to be changed, Continue? [Y/N]:n
Info: The connection was closed by the remote host.
[Client]
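#The prompt above asks for a password change: choosing Y means the password must be changed before logging in; choosing N closes the Stelnet connection immediately. If you do not want to change the password at login, disable the forced password change in the Server's aaa view before the Client logs in to the Server. Handle this flexibly depending on the version.#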
[Server-aaa]local-user admin password-force-change disable
Warning: Disabling th
local-aaa-user user-name complexity-check disable
local-user admin password irreversible-cipher $1d$kwi;U'G~XFBS{a6w$myBP2oMUKOs,TOM|LN\1-&ExSiYx-1zqn$.Wjk.W$
local-user admin password-force-change disable
local-user admin privilege level 3
local-user admin service-type telnet terminal ssh http
#Test Stelnet from the Client again; login succeeds#
[Client]stelnet 10.0.1.1
Trying 10.0.1.1 ...
Press CTRL + K to abort
Connected to 10.0.1.1 ...
The server's key fingerprint is ssh-rsa 3072 O+309N1uJOyBoKzCxFNqlysdjDJHmdsgu2pbOjDeBhg.
The server is not authenticated. Continue to access it? [Y/N]: y
Save the server's public key? [Y/N]: n
Please input the username: admin
Enter password:
Info: Password will expire in: 90 days.
Info: The max number of VTY users is 5, the number of current VTY users online is 1, and total number of terminal users online is 2.
The current login time is 2026-05-12 07:04:32.
<Server>
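The client session above answers Y to "The server is not authenticated" without checking the fingerprint it was shown. The following is an added example, not part of the original article: it recomputes the fingerprint from a public-key blob obtained out of band (for example from the server's console) so the two can be compared before accepting. It assumes the 43-character value in the prompt is the unpadded Base64 SHA-256 of the SSH public-key blob, as in OpenSSH's SHA256 fingerprints; the blob below is constructed and is not a real key.

```python
import base64
import hashlib
import hmac
import struct


def _read_field(buf, off):
    """Read one length-prefixed field (RFC 4251 string); return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length prefix")
    (size,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + size
    if end > len(buf):
        raise ValueError("field runs past end of blob")
    return buf[off + 4:end], end


def describe_rsa_blob(blob):
    """Return (key type, modulus bits, unpadded Base64 SHA-256 fingerprint)."""
    key_type, off = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("this example only parses ssh-rsa blobs")
    _exponent, off = _read_field(blob, off)
    modulus, off = _read_field(blob, off)
    if off != len(blob):
        raise ValueError("unexpected trailing bytes")
    bits = int.from_bytes(modulus, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    return key_type.decode(), bits, base64.b64encode(digest).rstrip(b"=").decode()


def fingerprint_matches(blob, shown):
    """Compare the computed fingerprint with the one the client displayed."""
    return hmac.compare_digest(describe_rsa_blob(blob)[2], shown.strip().rstrip("."))


def _field(data):
    """Encode one length-prefixed field (helper for building the sample)."""
    return struct.pack(">I", len(data)) + data


# Constructed blob (not a real key): e = 65537 and a dummy 3072-bit modulus.
CONSTRUCTED_BLOB = _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(b"\x00" + b"\xc3" * 384)

if __name__ == "__main__":
    print(describe_rsa_blob(CONSTRUCTED_BLOB))
```

If the values match, answering Y to "Save the server's public key?" pins the key, so a later change of host key is reported instead of silently accepted.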
2. H3C Stelnet login configuration
#Generate the local key pair; choose the key type as required#
[SSH Server]public-key local create dsa
The range of public key modulus is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys.....
Create the key pair successfully.
#On H3C the Stelnet service is tied to the SSH service, and the SSH service is disabled by default#
[SSH Server]display ssh server status
SSH is not configured.
#Enable the SSH service#
[SSH Server]ssh server enable
#Check the SSH service; the Stelnet server is now enabled#
[SSH Server]dis ssh server status
Stelnet server: Enable
SSH version : 2.0
SSH authentication-timeout : 60 second(s)
SSH server key generating interval : 0 hour(s)
SSH authentication retries : 3 time(s)
SFTP server: Disable
SFTP Server Idle-Timeout: 10 minute(s)
NETCONF server: Disable
SCP server: Disable
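#Create a device-management local user and set its password, service type and account authorization; adjust flexibly on the live network#
local-user admin class manage
password simple <password>
service-type ssh
#User role: network-admin (level-15)#
authorization-attribute user-role network-admin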
#Create the SSH user and specify its authentication type (optional); SSH access to the server also works without this configuration#
ssh user admin service-type stelnet authentication-type password
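#Enter the VTY user line view and configure the authentication mode (password mode is supported by default; scheme mode requires a user name and password, which were set above) and the supported protocols (telnet and SSH by default; handle flexibly per device)#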
line vty 0 4
authentication-mode scheme
#Access the SSH server directly from a network device acting as client#
ssh 10.0.1.1
Username: user1
Press CTRL+C to abort.
Connecting to 10.0.1.1 port 22.
The server is not authenticated. Continue? [Y/N]:y
Do you want to save the server public key? [Y/N]:n
user1@10.0.1.1's password:
Enter a character ~ and a dot to abort.
******************************************************************************
* Copyright (c) 2004-2022 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<SSH Server>
3. Cisco SSH login configuration
#Generate the local key pair; choose the key type as required#
en
conf t
crypto key generate rsa
2048
#Enable the SSH service and set the version, plus other SSH service settings#
conf t
ip ssh version 2
ip ssh time-out 5
#Configure the login user name and password#
conf t
username user1 privilege 15 password <password>
#Enter the line view and declare that local users are used for login#
conf t
line vty 0 4
login local
transport input ssh
#Log in to the SSH server from a network device#
Router#ssh -l user1 10.0.1.1
Password:
R1#
4. Ruijie SSH login configuration
#Enable the SSH server function#
conf t
enable service ssh-server
#Configure the login user name and password#
conf t
username <username> password <password>
#Enable local user authentication on the lines#
conf t
line vty 0 4
login local
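Several commands used in the sections above relax a default or leave a cleartext path open (the Huawei device prints warnings for two of them). The following is an added example, not part of the original article: a small audit that flags those lines in a saved configuration. Rule names and messages are this example's own, and the sample input is constructed from fragments of the Huawei and Cisco sections.

```python
import re

# Rule names and messages are this example's own; the patterns are commands shown on this page.
LINE_RULES = [
    ("username-check-off", r"^local-aaa-user user-name complexity-check disable$",
     "user-name complexity check disabled (the device prints a security warning)"),
    ("force-change-off", r"^local-user \S+ password-force-change disable$",
     "forced change of the initial password disabled"),
    ("cleartext-service", r"^(?:local-user \S+ )?service-type\b.*\b(?:telnet|ftp|http)\b",
     "local user allowed a cleartext service (telnet/ftp/http)"),
    ("ios-password", r"^username \S+ (?:privilege \d+ )?password\b",
     "'username ... password' used; on Cisco IOS 'secret' stores a one-way hash"),
]
VTY_HEADER = re.compile(r"^(?:line|user-interface) vty\b")
SSH_ONLY = re.compile(r"^(?:transport input|protocol inbound) ssh$")


def audit(config_text):
    """Return sorted (line number, rule, message) findings for one config dump."""
    findings, vty_start, vty_ssh_only = [], None, False
    def close_vty():
        if vty_start is not None and not vty_ssh_only:
            findings.append((vty_start, "vty-not-ssh-only", "VTY lines not restricted to SSH"))

    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not raw[:1].isspace():  # top-level line: any open VTY block has ended
            close_vty()
            vty_start, vty_ssh_only = (number if VTY_HEADER.match(line) else None), False
        elif vty_start is not None and SSH_ONLY.match(line):
            vty_ssh_only = True
        findings += [(number, rule, msg) for rule, pattern, msg in LINE_RULES
                     if re.search(pattern, line)]
    close_vty()
    return sorted(findings)


# Constructed sample: page fragments, indented the way a device prints its configuration.
SAMPLE = """\
aaa
 local-aaa-user user-name complexity-check disable
 local-user admin password-force-change disable
 local-user admin service-type telnet terminal ssh http
user-interface vty 0 4
 protocol inbound ssh
username user1 privilege 15 password EXAMPLE-ONLY
line vty 0 4
 login local
"""
```

The VTY check relies on sub-commands being indented under their header, so run it on a saved configuration dump, not on the flat command lists as typed in this article.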
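The information above is only a summary of personal experience; if anything is inaccurate, corrections and discussion are welcome. Thank you!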
