H3C SSH Remote Management login configuration

1, Introduction to SSH

SSH is the abbreviation of Secure Shell. SSH is a security protocol based on the application layer. SSH is a reliable protocol designed to provide security for remote login sessions and other network services. Using SSH protocol can effectively prevent information disclosure in the process of remote management. SSH was originally a program on UNIX system, and then quickly extended to other operating platforms. SSH can make up for loopholes in the network when used correctly. SSH client is applicable to a variety of platforms.

Traditional network service programs, such as FTP, pop and Telnet, are inherently insecure, because they transmit passwords and data in plaintext on the network. People with ulterior motives can easily intercept these passwords and data. Moreover, the security verification methods of these service programs also have their weaknesses, that is, they are vulnerable to the attack of "man-in-the-middle". The so-called "middleman" attack means that the "middleman" pretends to be a real server to receive the data you send to the server, and then pretends to be you to send the data to the real server. After the data transmission between the server and you is tampered with by the "middleman", there will be serious problems. By Using SSH, you can encrypt all the transmitted data, so that the "man in the middle" attack can not be realized, and it can also prevent DNS spoofing and IP spoofing. Another additional advantage of Using SSH is that the transmitted data is compressed, so it can speed up the transmission speed. SSH has many functions. It can not only replace Telnet, but also provide a safe "channel" for FTP, pop and even PPP.


2, Experimental topology



3, Configuration requirements

The PC can remotely manage the switch of the computer room through SSH protocol in the intranet. In this experimental environment, a switch is used to simulate PC.


4, Configuration steps

1. Start SSH service on SW

[SW]ssh server enable

 2. Configure the user name and password of ssh service

User name admin, password admin

[SW]local-user admin
New local user added.
[SW-luser-manage-admin]password simple admin

3. Change the user's permission to network management level

Network admin is the most senior administrator privilege

[SW-luser-manage-admin]authorization-attribute user-role network-admin

4. Configure the protocol that the user can manage as ssh

[SW-luser-manage-admin]service-type ?
  ftp       FTP service
  http      HTTP service type
  https     HTTPS service type
  pad       X.25 PAD service
  ssh       Secure Shell service
  telnet    Telnet service
  terminal  Terminal access service
[SW-luser-manage-admin]service-type ssh

5. Set the authentication mode of SSH client login user interface to scheme mode

[SW]line vty 0 63
[SW-line-vty0-63]authentication-mode scheme 

6. Configure IP address to make PC and switch interworking in Intranet

[SW]interface Vlan-interface 1
[SW-Vlan-interface1]ip a 24
[PC]interface Vlan-interface 1
[PC-Vlan-interface1]ip a 24


5, Configuration verification

Username: admin
Press CTRL+C to abort.
Connecting to port 22.
admin@'s password: 
Enter a character ~ and a dot to abort.
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *

ssh, telnet and other protocols are very simple, but almost every project must be configured. Therefore, you can write the configuration script in advance, change the IP, user name and password in the script, and brush the script directly when you use it.

The script is as follows:

line vty 0 63
 authentication-mode scheme
 user-role network-operator
 ssh server enable
local-user admin class manage
 password simple admin
 service-type ssh
 authorization-attribute user-role network-admin



Follow me to get this configuration project, more configuration cases, the latest film and television and common office software

Keywords: network security Cyber Security switch H3C

Added by hanhao on Thu, 10 Feb 2022 05:00:55 +0200