CCNP(ISCW)实验：配置SSH安全远程登录

原创

starshomes 2021-03-11 09:58:00 ©著作权

©著作权归作者所有：来自51CTO博客作者starshomes的原创作品，谢绝转载，否则将追究法律责任

第一步：配置R1和R2，和pc使pc和R1，R1和R2能正常通信 R1(config)#int e1/0 R1(config-if)#ip add 192.168.10.1 255.255.255.0 R1(config-if)#no sh R1(config-if)#int e0/0 R1(config-if)#ip add 12.0.0.1 255.255.255.0 R1(config-if)#no sh

R2(config)#int e0/0 R2(config-if)#ip add 12.0.0.2 255.255.255.0 R2(config-if)#no sh

R1(config)#hostname Bob //配置设备的名称

R1(config)#ip domain-name http://www.norvel.com.cn/blog/user1/21267/index.html
//配置域名，以上两步为了生成公钥和密钥

Bob(config)#username admin privilege 15 password admin

Bob(config)#crypto key generate rsa general-keys modulus ? <360-2048> size of the key modulus [360-2048]

Bob(config)#crypto key generate rsa general-keys modulus 2048 The name for the keys will be: Bob.http://www.norvel.com.cn/blog/user1/21267/index.html

% The key modulus size is 2048 bits % Generating 2048 bit RSA keys ...[OK]

第二步：查看生成的公钥和私钥 Bob#show crypto key mypubkey rsa % Key pair was generated at: 00:07:30 UTC Mar 1 1993 Key name: Bob.http://www.norvel.com.cn/blog/user1/21267/index.html Usage: General Purpose Key Key is not exportable. Key Data: 30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101 00CC98D3 423F6DB5 6A099DD0 2B79D403 6811AAEF 1E0B834E CD8306CE 2B9CD737 BFF5EC5F B85A6051 64D7B86E F8DB906E FA278DAE 5B6A69C7 41042A68 E9F1275F AD15E476 92B9321D 39A9600F 035A74A5 B16886E8 56A9C0A9 CFE76493 25B2B4E1 CB90D057 2EE1E421 0E688F51 545759AB 14EA5543 02A06777 B391E956 8B223E9D 4EE12012 1328A985 05091241 86B1DCE4 919BA58A 2B66EFF0 962858C0 48EAC0D6 69873AF2 EF7487BD E26792E9 BF149B78 3F374449 E0138DAD 6070C6C5 3F4C1F41 530020BB 0105C1A1 8E9D10A2 18EA2C99 5B7F18F3 4FBA5100 BC7708D1 F506549F 9D54862A B5B0BB81 CE351953 6817F5BB 41FCC525 65348414 658E788A C37BDE98 9B020301 0001 % Key pair was generated at: 00:07:32 UTC Mar 1 1993 Key name: Bob.http://www.norvel.com.cn/blog/user1/21267/index.html.server Usage: Encryption Key Key is not exportable. Key Data: 307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00CEC3EE 6440DB88 2B11E342 3D340293 1CC1DFD8 961A77B0 8A54565F 6EED598D 1AC5CE47 85227AE7 A69A213E 580057D2 F591F198 770091E7 67696200 D853533E 17B56E41 504F55F3 F9B3BB2A 5F50A91B 2D15C263 A76C5079 246F0C1D DA9297D4 4D020301 0001

第三步：在vty 下调用 Bob(config)#line vty 0 4 Bob(config-line)#transport input ssh ? lapb-ta LAPB Terminal Adapter lat DEC LAT protocol mop DEC MOP Remote Console Protocol pad X.3 PAD rlogin Unix rlogin protocol telnet TCP/IP Telnet protocol udptn UDPTN async via UDP protocol v120 Async over ISDN <cr>

Bob(config-line)#transport input ssh Bob(config-line)#login local