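Preface
- In SSH authentication, RSA/DSA/ECC are all based on the client's private key. During configuration, the public key generated by the client must be copied to the server, and the server uses this public key to encrypt data
- The type of the public key generated by the client must match the type of the private key generated by the server
- Key and password can be used together to increase security
- Basic SSH key configuration: create the local private key, import the peer's public key, change the SSH authentication method, assign the key to the user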
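Network topology
Lab requirements
- The local host accesses device S1 remotely using an RSA certificate
- S1 imports the local host's public key
- The local host logs in with Xshell
- Local host address: 192.168.56.10
- Switch address: 192.168.56.1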
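SSH configuration
# Enable the SSH server
ssh server enable
# Management address on Vlan-interface 1
interface Vlan-interface 1
ip address 192.168.56.1 24
# VTY lines use scheme authentication and accept only SSH
line vty 0 4
authentication-mode scheme
protocol inbound ssh
# Local user admin with the network-admin role, allowed to use SSH
local-user admin
authorization-attribute user-role network-admin
service-type ssh
password simple !QAZ2wsx3edc
# Enable the SFTP server
sftp server enable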
Generate the public key on the host
Key configuration
# Create the local private key
public-key local create rsa
--------------------------------------------------------------
The local key pair already exists.
Confirm to replace it? [Y/N]:y
The range of public key modulus is (512 ~ 4096).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:1024
Generating Keys...
.
Create the key pair successfully.
--------------------------------------------------------------
# Import the local host's public key and name it host
public-key peer host import sshkey id_rsa_1024_ssh.pub
# Set the authentication type of SSH user admin to publickey and assign the key host
ssh user admin service-type stelnet authentication-type publickey assign publickey host
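
As an added example (not part of the original post and not H3C tooling): a check to run on the host before importing the public key file, confirming that the key type matches what the switch expects and reporting the RSA modulus size. It assumes the .pub file is in OpenSSH one-line format; the function names and the 2048-bit threshold are assumptions, and the sample key is constructed.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed policy threshold, not stated on the original page

def _read_field(blob, offset):
    """Read one length-prefixed field (RFC 4253 string or mpint)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def inspect_pubkey(line):
    """Return (key_type, RSA modulus bits or None) for an OpenSSH public key line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    inner, offset = _read_field(blob, 0)
    key_type = inner.decode("ascii")
    if key_type != parts[0]:
        raise ValueError("key type in header and blob differ")
    if key_type != "ssh-rsa":
        return key_type, None
    _exponent, offset = _read_field(blob, offset)
    modulus, _ = _read_field(blob, offset)
    return key_type, int.from_bytes(modulus, "big").bit_length()

def check_for_import(line, expected_type="ssh-rsa"):
    """List reasons not to import the key as-is; an empty list means it passed."""
    key_type, bits = inspect_pubkey(line)
    problems = []
    if key_type != expected_type:
        problems.append(f"type {key_type} does not match {expected_type}")
    if bits is not None and bits < MIN_RSA_BITS:
        problems.append(f"RSA modulus is {bits} bits, below {MIN_RSA_BITS}")
    return problems

def make_sample(bits):
    """Build a constructed (not real) ssh-rsa line with a modulus of the given size."""
    field = lambda data: struct.pack(">I", len(data)) + data
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 per mpint
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    print(check_for_import(make_sample(1024)))
```

To check a real file, pass the first line of the .pub file to check_for_import.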