September 20, 2023
Please click "Subscribe", don't miss and share different intellectual knowledge with you every day!
In Remote mode, as long as network is available, you can use telnet to log in, telnet uses TCP port 23 for communication, and telnet uses a client + server architecture;
However, Telnet uses plain text to transfer data, and for security reasons, you should use SSH (Secure Shell protocol) .
We know that Telnet uses clear text to transmit usernames and passwords, which is an insecure protocol. Let's look at it by capturing packets;
When user connects to device via Telnet.
Caught username.
User password intercepted.
SSH is currently most secure remote login session, and other networks provide secure protocol transfers.
Let's look at an example SSH configuration:
Configuring SSH Login on Switch SW2
browse system
[Huawei]Vlanif 1 interface
[Huawei-Vlanif1]IP address 192.168.56.2 24
1. Set VTY[Huawei]vty 0 4 UI
[Huawei-ui-vty0-4]aaa authentication mode
[Huawei-ui-vty0-4]incoming ssh protocol
2. Set up AAA authentication[Huawei]aaa
[Huawei-aaa]Huawei local user administrator password cipher
[Huawei-aaa]local user admin service-type ssh
[Huawei-aaa]local user admin level 3
[Huawei-aaa]q
3. Enable SSH[Huawei]stelnet server enable
4. Add an SSH user[Huawei]ssh user admin authentication type password
[Huawei]ssh user admin service type stelnet
[Huawei]
5. Set up RSA encryption[Huawei]Creating a local rsa key pair
Check key generation status:
[Huawei]Display public local rsa key pair
View Configuration
[Huawei]display ssh user info for admin
6. Test input
We use CRT software to test SSH login configuration
Welcome to +, your support is my biggest motivation!
