The Three Telnet Login Authentication Modes, Explained with Examples

Main commands for configuring remote access on Huawei devices

[yinzhengjie]aaa
[yinzhengjie-aaa]local-user yinzhengjie password cipher 123
[yinzhengjie-aaa]local-user yinzhengjie privilege level 15
[yinzhengjie-aaa]local-user yinzhengjie service-type telnet
[yinzhengjie-aaa]quit
[yinzhengjie]user-interface vty 0 4
[yinzhengjie-ui-vty0-4]authentication-mode aaa
[yinzhengjie-ui-vty0-4]user privilege level 15
[yinzhengjie-ui-vty0-4]protocol inbound telnet
[yinzhengjie-ui-vty0-4]quit
[yinzhengjie]telnet server enable

 

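I. The three Telnet authentication modes on Huawei

First, consider a simple topology in which we operate the Shuangqiao router from the Yizhuang router.

1. Login without authentication (none mode)

Give the router an interconnect IP address: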

Configuration for the "Yizhuang" site:
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]ip address 172.30.1.1 24
[Huawei-Ethernet0/0/1]undo shutdown
[Huawei-Ethernet0/0/1]quit
[Huawei]sysname yizhuang

On the router to be managed remotely, enable the Telnet service:

Configuration for the "Shuangqiao" site:
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]ip address 172.30.1.2 24
[Huawei-Ethernet0/0/1]undo shutdown
[Huawei-Ethernet0/0/1]quit
[Huawei]telnet server enable   # enable the Telnet service
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode none  # set the authentication mode
[Huawei-ui-vty0-4]user privilege level 3 # set the privilege level for logged-in users
[Huawei]sysname shuangqiao

Test:

[yizhuang]interface Ethernet 0/0/1
[yizhuang-Ethernet0/0/1]display this   # show the current interface configuration
interface Ethernet0/0/1
 ip address 172.30.1.1 255.255.255.0
return
[yizhuang-Ethernet0/0/1]ping 172.30.1.2   # check that the interconnect address answers ping
  PING 172.30.1.2: 56  data bytes, press CTRL_C to break
    Reply from 172.30.1.2: bytes=56 Sequence=1 ttl=255 time=40 ms
    Reply from 172.30.1.2: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 172.30.1.2: bytes=56 Sequence=3 ttl=255 time=50 ms
    Reply from 172.30.1.2: bytes=56 Sequence=4 ttl=255 time=50 ms
    Reply from 172.30.1.2: bytes=56 Sequence=5 ttl=255 time=20 ms
  --- 172.30.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/38/50 ms
[yizhuang-Ethernet0/0/1]quit
[yizhuang]quit
<yizhuang>telnet 172.30.1.2  # telnet to the Shuangqiao address
Trying 172.30.1.2 ...
Press CTRL+K to abort
Connected to 172.30.1.2 ...
Info: The max number of VTY users is 10, and the number
      of current VTY users on line is 1.
      The current login time is 2017-04-18 18:15:39.
<shuangqiao>  # login succeeded; the prompt shows Shuangqiao's hostname
<shuangqiao>

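Clearly, the login above required no input at all, so there is no security to speak of: anyone can log in to your device remotely. We therefore generally do not use this configuration, except in lab exercises. Anyway, forget about it.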

2. Password authentication (password login mode)

Qinghuayuan router configuration:

Configuration for the "Qinghuayuan" site:
<Huawei>system-view
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]ip address 172.30.1.1 24
[Huawei-Ethernet0/0/1]undo shutdown
[Huawei]sysname qinghuayuan

Langfang router configuration:

Configuration for the "Langfang" site:
<Huawei>system-view
[Huawei]sysname langfang
[langfang]interface Ethernet 0/0/1
[langfang-Ethernet0/0/1] ip address 172.30.1.2 24
[langfang-Ethernet0/0/1]undo shutdown
[langfang-Ethernet0/0/1]quit
[langfang]telnet server enable
[langfang]user-interface vty 0 4
[langfang-ui-vty0-4]authentication-mode password  # authentication mode
[langfang-ui-vty0-4]set authentication password simple  yinzhengjie # set the plaintext password to "yinzhengjie"

Test results:

[qinghuayuan-Ethernet0/0/1]display this
interface Ethernet0/0/1
 ip address 172.30.1.1 255.255.255.0
return
[qinghuayuan-Ethernet0/0/1]ping 172.30.1.2
  PING 172.30.1.2: 56  data bytes, press CTRL_C to break
    Reply from 172.30.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 172.30.1.2: bytes=56 Sequence=2 ttl=255 time=50 ms
    Reply from 172.30.1.2: bytes=56 Sequence=3 ttl=255 time=50 ms
    Reply from 172.30.1.2: bytes=56 Sequence=4 ttl=255 time=60 ms
    Reply from 172.30.1.2: bytes=56 Sequence=5 ttl=255 time=30 ms
  --- 172.30.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/48/60 ms
[qinghuayuan-Ethernet0/0/1]
<qinghuayuan>telnet 172.30.1.2
Trying 172.30.1.2 ...
Press CTRL+K to abort
Connected to 172.30.1.2 ...
Login authentication
Password:  # enter the password here
Info: The max number of VTY users is 10, and the number
      of current VTY users on line is 1.
      The current login time is 2017-04-18 18:28:18.
<langfang>  # password entered correctly, login succeeded
<langfang>

3. Username and password authentication

Zhaowei site configuration:

Configuration for the "Zhaowei" site:
<Huawei>system-view
[Huawei]sysname zhaowei
[zhaowei]interface Ethernet 0/0/1
[zhaowei-Ethernet0/0/1]ip address 172.30.1.1 24
[zhaowei-Ethernet0/0/1]undo shutdown
[zhaowei-Ethernet0/0/1]display this
interface Ethernet0/0/1
 ip address 172.30.1.1 255.255.255.0
return
[zhaowei-Ethernet0/0/1]
[zhaowei-Ethernet0/0/1]quit

Lugu site configuration:

Configuration for the "Lugu" site:
<Huawei>system-view
[Huawei]sysname lugu
[lugu]interface Ethernet 0/0/1
[lugu-Ethernet0/0/1]ip address 172.30.1.2 24
[lugu-Ethernet0/0/1]display this
interface Ethernet0/0/1
 ip address 172.30.1.2 255.255.255.0
return
[lugu-Ethernet0/0/1]
[lugu-Ethernet0/0/1]undo shutdown
[lugu-Ethernet0/0/1]quit
[lugu]user-interface vty 0 4
[lugu-ui-vty0-4]authentication-mode aaa
[lugu-ui-vty0-4]user privilege level 3
[lugu-ui-vty0-4]quit
[lugu]aaa  # enter the AAA configuration view, a Huawei hallmark
[lugu-aaa]local-user yinzhengjie password cipher 123  # create the user yinzhengjie; the password "123" is stored as ciphertext
[lugu-aaa]local-user yinzhengjie service-type telnet  # grant the user yinzhengjie the telnet service only
[lugu-aaa]quit
[lugu]super password simple yinzhengjie # set the password for moving from user view to system configuration view to yinzhengjie; it is stored in plaintext and can be read with dis cu, so ciphertext is recommended, depending on how important the device is

Test:

[zhaowei-Ethernet0/0/1]display this
interface Ethernet0/0/1
 ip address 172.30.1.1 255.255.255.0
return
[zhaowei-Ethernet0/0/1]ping 172.30.1.2
  PING 172.30.1.2: 56  data bytes, press CTRL_C to break
    Reply from 172.30.1.2: bytes=56 Sequence=1 ttl=255 time=60 ms
    Reply from 172.30.1.2: bytes=56 Sequence=2 ttl=255 time=40 ms
    Reply from 172.30.1.2: bytes=56 Sequence=3 ttl=255 time=30 ms
    Reply from 172.30.1.2: bytes=56 Sequence=4 ttl=255 time=50 ms
    Reply from 172.30.1.2: bytes=56 Sequence=5 ttl=255 time=40 ms
  --- 172.30.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/44/60 ms
[zhaowei-Ethernet0/0/1]
<zhaowei>telnet 172.30.1.2
Trying 172.30.1.2 ...
Press CTRL+K to abort
Connected to 172.30.1.2 ...
Login authentication
Username:yinzhengjie
Password:
Info: The max number of VTY users is 10, and the number
      of current VTY users on line is 1.
      The current login time is 2017-04-18 18:56:35.
<lugu>

 

II. H3C remote management configuration examples

Lab network topology:

 

1. No authentication (none; this mode is not recommended. Configure it this way only in a lab, and never use it in production!)

1>. R1 router configuration:
[R1]interface GigabitEthernet 0/0
[R1-GigabitEthernet0/0]ip address 172.30.1.1 24
[R1-GigabitEthernet0/0]undo shutdown
[R1-GigabitEthernet0/0]quit
[R1]telnet server enable                        ------>enable the Telnet service
[R1]user-interface vty 0 4
[R1-line-vty0-4]authentication-mode none
[R1-line-vty0-4]user-role level-15                ------->set the level for logged-in users
[R1-line-vty0-4]

2>. R2 router configuration:
[R2]interface GigabitEthernet 0/0
[R2-GigabitEthernet0/0]ip address 172.30.1.2 24
[R2-GigabitEthernet0/0]undo shutdown
[R2-GigabitEthernet0/0]ping 172.30.1.1
Ping 172.30.1.1 (172.30.1.1): 56 data bytes, press CTRL_C to break
56 bytes from 172.30.1.1: icmp_seq=0 ttl=255 time=1.067 ms
56 bytes from 172.30.1.1: icmp_seq=1 ttl=255 time=0.590 ms
56 bytes from 172.30.1.1: icmp_seq=2 ttl=255 time=0.640 ms
56 bytes from 172.30.1.1: icmp_seq=3 ttl=255 time=0.605 ms
56 bytes from 172.30.1.1: icmp_seq=4 ttl=255 time=0.578 ms

--- Ping statistics for 172.30.1.1 ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.578/0.696/1.067/0.187 ms
[R2-GigabitEthernet0/0]%Feb 23 02:22:13:211 2018 R2 PING/6/PING_STATISTICS: Ping statistics for 172.30.1.1: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.578/0.696/1.067/0.187 ms.

[R2-GigabitEthernet0/0]quit
[R2]quit
<R2>telnet 172.30.1.1                    ------->now telnet to R1; as long as the two devices can reach each other, the remote login works
Trying 172.30.1.1 ...
Press CTRL+K to abort
Connected to 172.30.1.1 ...

******************************************************************************
* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved.  *
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

<R1>

 

2. Password-only authentication (password)

1>. R1 router configuration:
[R1]interface GigabitEthernet 0/0
[R1-GigabitEthernet0/0]ip address 172.30.1.1 24
[R1-GigabitEthernet0/0]undo shutdown
[R1-GigabitEthernet0/0]quit
[R1]telnet server enable
[R1]user-interface vty 0 4
[R1-line-vty0-4]authentication-mode password                ----->set the authentication mode to password
[R1-line-vty0-4]set authentication password simple 123            ------>set the authentication password to 123 (in plaintext)
[R1-line-vty0-4]user-role level-15                            ------->set the account level to 15
[R1-line-vty0-4]

2>. R2 router configuration:
[R2]interface GigabitEthernet 0/0
[R2-GigabitEthernet0/0]IP address 172.30.1.2 24
[R2-GigabitEthernet0/0]undo shutdown
[R2-GigabitEthernet0/0]quit
[R2]quit
<R2>telnet 172.30.1.1            ------->start the remote session to router R1
Trying 172.30.1.1 ...
Press CTRL+K to abort
Connected to 172.30.1.1 ...

******************************************************************************
* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved.  *
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

Password:                    ------->enter the password configured on R1, i.e. "123"
<R1>
<R1>
<R1>

 

3. Username and password authentication (scheme mode)

1>. R1 router configuration:
[R1]interface GigabitEthernet 0/0
[R1-GigabitEthernet0/0]IP address 172.30.1.1 24
[R1-GigabitEthernet0/0]undo shutdown
[R1-GigabitEthernet0/0]quit
[R1]telnet server enable
[R1]user-interface vty 0 4
[R1-line-vty0-4]authentication-mode scheme            ------>enable username and password login
[R1-line-vty0-4]user-role level-15
[R1-line-vty0-4]quit
[R1]local-user yinzhengjie
New local user added.
[R1-luser-manage-yinzhengjie]password simple 123    ------>set the plaintext password to "123"
[R1-luser-manage-yinzhengjie]service-type telnet        ----->set the service type and priority
[R1-luser-manage-yinzhengjie]quit
[R1]super password simple 666                    ------>this sets the password for moving from user view to system view; some users must enter it before they can get in

2>. R2 router configuration:
[R2]interface GigabitEthernet 0/0
[R2-GigabitEthernet0/0]ip address 172.30.1.2 24
[R2-GigabitEthernet0/0]undo shutdown
[R2-GigabitEthernet0/0]quit
[R2]quit
<R2>telnet 172.30.1.1
Trying 172.30.1.1 ...
Press CTRL+K to abort
Connected to 172.30.1.1 ...

******************************************************************************
* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved.  *
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

login: yinzhengjie                ----->enter the username configured on R1, "yinzhengjie"
Password:                    ------>enter the password for user "yinzhengjie", "123"
<R1>
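
An added example, not part of the original post: a small Python auditor that reads a typed CLI session in the style shown on this page (Huawei or H3C prompts) and reports vty views left on authentication-mode none, with the level they grant, and any secret set with the simple keyword. The rule names, the audit function and the SAMPLE session (assembled from commands on this page) are assumptions of the example.

```python
import re

PROMPT = re.compile(r"^\s*[\[<]([^\]>]+)[\]>]\s*(.*)$")    # [view] or <view> prompt
COMMENT = re.compile(r"\s*(?:#|-{3,}>?).*$")               # '#note' or '---->note'
LEVEL = re.compile(r"user(?: privilege level |-role level-)(\d+)")  # Huawei | H3C

# Constructed sample: commands taken from the sessions on this page, notes in English.
SAMPLE = """\
[Huawei]telnet server enable   #enable the Telnet service
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode none  #set the authentication mode
[Huawei-ui-vty0-4]user privilege level 3
[langfang-ui-vty0-4]authentication-mode password
[langfang-ui-vty0-4]set authentication password simple  yinzhengjie
[R1-line-vty0-4]authentication-mode none
[R1-line-vty0-4]user-role level-15                ------->set the login level
[lugu-ui-vty0-4]authentication-mode aaa
[lugu-aaa]local-user yinzhengjie password cipher 123
[lugu]super password simple yinzhengjie
"""

def audit(session):
    """Return sorted (rule, view, detail) findings for a typed CLI session."""
    findings, views = set(), {}
    for raw in session.splitlines():
        m = PROMPT.match(raw)
        if not m:
            continue                      # command output, banner or blank line
        view = m.group(1)
        cmd = COMMENT.sub("", m.group(2)).strip().lower()
        state = views.setdefault(view, {"auth": None, "level": "default"})
        if cmd.startswith("authentication-mode "):
            state["auth"] = cmd.split()[1]
        elif (lv := LEVEL.match(cmd)):
            state["level"] = int(lv.group(1))
        if re.search(r"\bpassword simple\b", cmd):
            # Report the command stem only, never the secret itself.
            findings.add(("plaintext-secret", view, cmd.split(" simple")[0]))
    for view, state in views.items():
        if state["auth"] == "none":
            findings.add(("no-authentication", view, f"grants level {state['level']}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

The view name comes from the prompt itself, so the level is matched to the same vty lines that carry the none mode.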
