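Telnet has no secure authentication method and sends everything in cleartext over TCP, which is a security risk. STelnet (short for "secure telnet") was introduced to address this: over a traditional, insecure network, the server authenticates the client and data is encrypted in both directions, providing a secure telnet service.
Lab: router r1 simulates a PC and acts as the client. Router r2 acts as the server. r1 logs in to r2 remotely, using password authentication.
r2 configuration: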
<Huawei>
May 6 2018 12:36:00-08:00 Huawei %IFPDT/4/IF_STATE(l)[0]:Interface GigabitEt
hernet0/0/0 has turned into UP state.
<Huawei>sy
Enter system view, return user view with Ctrl Z.
[Huawei]sysname server    # rename the device
[server]rsa loc
[server]rsa local-key-pair c
[server]rsa local-key-pair create    # generate the RSA host key pair
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:y
% Invalid number, the range is (512 ~ 2048).
[server]ste
[server]stelnet serv
[server]stelnet server en
[server]stelnet server enable    # SSH is disabled on the device by default, so it has to be enabled
Info: Succeeded in starting the STELNET server.
[server]user
[server]user-group
[server]user-interface vty 0 4    # enter the VTY user interface
[server-ui-vty0-4]auth
[server-ui-vty0-4]authentication-mode aaa
[server-ui-vty0-4]pro
[server-ui-vty0-4]protocol in
[server-ui-vty0-4]protocol inbound ssh    # set the inbound protocol to SSH; telnet is turned off
[server-ui-vty0-4]q
[server]aaa
[server-aaa]loc
[server-aaa]local-user admin pass
[server-aaa]local-user admin password cip
[server-aaa]local-user admin password cipher hello
[server-aaa]local-user admin password cipher hello pri
[server-aaa]local-user admin password cipher hello privilege lev
[server-aaa]local-user admin password cipher hello privilege level 3    # set the username, password and privilege level
[server-aaa]loc
[server-aaa]local-user admin ser
[server-aaa]local-user admin service-type ssh    # set the service type under AAA to SSH
[server-aaa]q
[server]ssh user admin auth
[server]ssh user admin authentication-type pass
[server]ssh user admin authentication-type password    # set the user's authentication type to password
Authentication type setted, and will be in effect next time
[server]int g0/0/0
[server-GigabitEthernet0/0/0]ip add 10.1.1.254 24
[server-GigabitEthernet0/0/0]
May 6 2018 12:38:42-08:00 server %IFNET/4/LINK_STATE(l)[1]:The line protocol
IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[server-GigabitEthernet0/0/0]q
[server]
[server]
May 6 2018 12:43:50-08:00 server %IFPDT/4/IF_STATE(l)[5]:Interface GigabitEt
hernet0/0/0 has turned into DOWN state.
[server]
r1 configuration:
<Huawei>sy
Enter system view, return user view with Ctrl Z.
[Huawei]sysname client
[client]ssh client fi
[client]ssh client first-time en
[client]ssh client first-time enable    # enable SSH first-time authentication (the client accepts the server's host key on first connection)
[client]int g0/0/0
[client-GigabitEthernet0/0/0]ip add 10.1.1.1 24
May 6 2018 12:39:36-08:00 client %IFNET/4/LINK_STATE(l)[0]:The line protocol
IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[client-GigabitEthernet0/0/0]q
After the configuration is complete, verify it by running stelnet 10.1.1.254 on r1:
[Huawei]sysname client
[client]ste
[client]stelnet 10.1.1.254
Please input the username:admin
Trying 10.1.1.254 ...
Press CTRL K to abort
Connected to 10.1.1.254 ...
Enter password:
-----------------------------------------------------------------------------
User last login information:
-----------------------------------------------------------------------------
Access Type: SSH
IP-Address : 10.1.1.1 ssh
Time : 2018-05-06 13:07:21-08:00
-----------------------------------------------------------------------------
<server>sy
Enter system view, return user view with Ctrl Z.
[server]
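To check a recorded session like the ones above against the settings this lab relies on, the following added example (not part of the original post) parses a VRP-style transcript and reports deviations. The two sample sessions are constructed, trailing annotations are assumed to be absent, and the 2048-bit threshold is this example's assumption, taken from the top of the range the key prompt offers.

```python
import re

PROMPT = re.compile(r"^[<\[][\w./-]+[>\]](.*)$")   # <Huawei>cmd or [server-aaa]cmd
MODULUS = re.compile(r"Input the bits in the modulus\[default = \d+\]:(\S*)")

def commands(session):
    """Typed commands only; a line that is a prefix of the next one is treated
    as a tab-completion fragment (heuristic) and dropped."""
    cmds = [m.group(1).strip() for m in map(PROMPT.match, session.splitlines()) if m]
    cmds = [c for c in cmds if c]
    return [c for i, c in enumerate(cmds)
            if not (i + 1 < len(cmds) and cmds[i + 1] != c and cmds[i + 1].startswith(c))]

def audit(session):
    """Return a list of findings; an empty list means every check passed."""
    cmds, findings = commands(session), []
    if "stelnet server enable" not in cmds:
        findings.append("stelnet server is not enabled")
    inbound = [c.split()[-1] for c in cmds if c.startswith("protocol inbound ")]
    if inbound[-1:] != ["ssh"]:
        findings.append("VTY inbound protocol is not restricted to ssh")
    if "authentication-mode aaa" not in cmds:
        findings.append("VTY lines do not use AAA authentication")
    for c in cmds:
        m = re.match(r"local-user (\S+) service-type (.+)", c)
        if m and "telnet" in m.group(2).split():
            findings.append(f"local-user {m.group(1)} still allows telnet")
    for size in MODULUS.findall(session):   # an empty answer means the 512-bit default
        if not size.isdigit() or int(size) < 2048:
            findings.append(f"RSA modulus input {size!r}: host key below 2048 bits or unconfirmed")
    return findings

# Constructed sessions (not captured from a device), in the style of the lab above.
WEAK_SESSION = """\
[server]rsa local-key-pair create
Input the bits in the modulus[default = 512]:
[server]ste
[server]stelnet server enable
[server]user-interface vty 0 4
[server-ui-vty0-4]authentication-mode aaa
[server-ui-vty0-4]protocol inbound all
[server-ui-vty0-4]q
[server]aaa
[server-aaa]local-user admin service-type telnet ssh
"""
HARDENED_SESSION = WEAK_SESSION.replace("modulus[default = 512]:", "modulus[default = 512]:2048") \
    .replace("inbound all", "inbound ssh").replace("service-type telnet ssh", "service-type ssh")

if __name__ == "__main__":
    for name, s in (("weak", WEAK_SESSION), ("hardened", HARDENED_SESSION)):
        print(name, audit(s))
```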