How Do I Configure Stelnet-based Login Server?

Latest reply: Apr 20, 2019 20:12:59

Q: How Do I Configure Stelnet-based Login Server?

A: To log in to the device using STelnet, you need to configure an authentication mode. Currently, the device supports the following authentication modes: RSA, password, password-rsa, DSA, password-dsa, ECC, password-ecc, and all. The following describes how to configure two authentication modes (password and RSA) for STelnet-based login.

Networking Description

As shown in Figure 1-1, the device functions as an SSH server and has reachable routes to PC1 and PC2, and the IP address of the management interface on the SSH server is 10.137.217.203. Two login users client001 and client002 need to be configured on the SSH server. PC1 uses client001 to log in to the SSH server and undergoes a password authentication; PC2 uses client002 to log in to the SSH server and undergoes an RSA authentication.

Figure 1-1 Networking diagram for logging in to the device using STelnet


Precautions

Take the following precautions when configuring STelnet-based login:

•   STelnet V1 has security vulnerabilities. You are advised to log in to the device using STelnet V2.

•   Before configuring STelnet-based login, install the SSH server login software on PC1, and install the key pair generation software, public key conversion software, and SSH server login software on PC2. This example uses the third-party software PuTTY as the SSH server login software.

Procedure

1.         Generate a local key pair on the SSH server.

<HUAWEI> system-view
[~HUAWEI] sysname SSH Server
[*HUAWEI] commit
[~SSH Server] rsa local-key-pair create   //Generate local RSA host and server key pairs.
The key name will be: SSH Server_Host
The range of public key size is (512 ~ 2048).
NOTE: Key pair generation will take a short while.
Input the bits in the modulus [default = 2048] : 2048   //You are advised to set the size of the key pairs to 2048 to improve device security. In V200R001C00 and later versions, the switch supports only 2048-bit key pairs. You do not need to enter the value.
[*SSH Server] commit

2.         Create an SSH user on the server.

# Configure the VTY user interface.

[~SSH Server] user-interface vty 0 4   //Enter the VTY 0-VTY 4 user interface view.
[~SSH Server-ui-vty0-4] authentication-mode aaa   //Set the authentication mode for user login to AAA authentication.
[*SSH Server-ui-vty0-4] user privilege level 3   //Set the user level to 3.
[*SSH Server-ui-vty0-4] protocol inbound ssh   //Configure the VTY user interface to support SSH.
[*SSH Server-ui-vty0-4] quit

# Create an SSH user named client001 and configure the password authentication mode for the user.

[*SSH Server] aaa
[*SSH Server-aaa] local-user client001 password irreversible-cipher Huawei@123   //Configure the local user name and password. 
[*SSH Server-aaa] local-user client001 level 3   //Set the user level to 3.
[*SSH Server-aaa] local-user client001 service-type ssh   //Set the service type for the local user to SSH.
[*SSH Server-aaa] quit
[*SSH Server] ssh user client001 authentication-type password   //Set the authentication mode for client001 to password authentication.

# Create another SSH user named client002 and configure related information for the user.

a.         Create an SSH user named client002 and configure the RSA password authentication mode for the user.

[*SSH Server] ssh user client002 authentication-type rsa   //Set the authentication mode for client002 to RSA authentication.
[*SSH Server] ssh authorization-type default root

b.         Run puttygen.exe on PC2 to generate the public and private key files.

Select SSH2 RSA and click Generate. Move the cursor in the blank area to generate the key.

Figure 1-2 PuTTY Key Generator (1)


After the key is generated, click Save public key to save the key as the key.pub file.

Figure 1-3 PuTTY Key Generator (2)


Click Save private key. In the PuTTYgen Warning dialog box that is displayed, click Yes. The private key is saved as the private.ppk file.

Figure 1-4 PuTTY Key Generator (3)


c.         Run sshkey.exe on the client. Convert the generated public key to the character string required for the device.

Open the key.pub file.

Figure 1-5 ssh key convert (1)


Click Convert(C). The original and converted public keys are displayed.

Figure 1-6 ssh key convert (2)


d.         On the SSH server, enter the RSA public key generated on PC2.

[*SSH Server] rsa peer-public-key rsakey001   //Enter the RSA public key view.
[*SSH Server-rsa-public-key] public-key-code begin   //Enter the RSA public key editing view.
[*SSH Server-rsa-public-key-rsa-key-code] 30820108 02820101 00DD8904 1A5E30AA 976F384B 5DB366A7   //Edit the public key.
[*SSH Server-rsa-public-key-rsa-key-code] 048C0E79 06EC6B08 8BB9567D 75914B5B 4EA7B2E5 1938D118
[*SSH Server-rsa-public-key-rsa-key-code] 4B863A38 BA7E0F0D BE5C5AE4 CA55B192 B531AC48 B07D21E3
[*SSH Server-rsa-public-key-rsa-key-code] 62E3F2A5 8C04C443 CF51CF51 136B5B9E 812AB1B7 1250EB24
[*SSH Server-rsa-public-key-rsa-key-code] A4AE5083 A1DB18EC E2395C9B B806E8F0 0BE24FB5 16958784
[*SSH Server-rsa-public-key-rsa-key-code] 403B617F 8AAAB1F8 C6DE8C3C F09E4D23 7D1C17BF 4AAF09C4
[*SSH Server-rsa-public-key-rsa-key-code] 74C083AF 17CD3075 3396B322 32C57FF0 B1991971 02F1033B
[*SSH Server-rsa-public-key-rsa-key-code] 81AA6D47 44520F23 685FAF72 04BA4B6E 615EF224 14E64E2A
[*SSH Server-rsa-public-key-rsa-key-code] 331EEB7F 188D9805 96DBFD30 0C947A5A BA879DC4 F848B769
[*SSH Server-rsa-public-key-rsa-key-code] 513C35CD B52B2917 02B77693 F79910EE 5287F252 977F985E
[*SSH Server-rsa-public-key-rsa-key-code] 5F186C94 93F26780 4E7F5F9D 5287350A 0A4F4988 1BF6AB7C
[*SSH Server-rsa-public-key-rsa-key-code] 1B020125
[*SSH Server-rsa-public-key-rsa-key-code] public-key-code end   //Exit the RSA public key editing view.
[*SSH Server-rsa-public-key] peer-public-key end   //Exit the RSA public key view.

e.         On the SSH server, bind the RSA public key to the client002 user.

[*SSH Server] ssh user client002 assign rsa-key rsakey001
[*SSH Server] commit

3.         Enable the STelnet service on the SSH server.

[~SSH Server] stelnet server enable
[*SSH Server] commit

4.         Configure the STelnet service type for the client001 and client002 users.

[~SSH Server] ssh user client001 service-type stelnet
[*SSH Server] ssh user client002 service-type stelnet
[*SSH Server] commit

Verification

After the configuration is complete, use PuTTY to log in to the SSH server from the PC. (The output information may vary according to version. Therefore, the output information on your device may be different from that provided in this example.)

•   Log in to the SSH server as the client001 user from PC1 in password authentication mode.

# Log in to the device using PuTTY, enter the device's IP address, and select the SSH protocol.

Figure 1-7 Logging in to the SSH server using PuTTY in password authentication mode


# Click Open. On the displayed page, enter the user name client001 and password Huawei@123, then press Enter to log in to the SSH server.

login as: client001
Sent username "client001"
client001@10.137.217.203's password:
 
Info: The max number of VTY users is 21, the number of current VTY users online is 2, and total number of terminal users online is 2.
      The current login time is 2012-08-04 20:09+00:00.
      First login successfully.
<SSH Server>

•   Log in to the SSH server as the client002 user from PC2 in RSA authentication mode.

# Log in to the device using PuTTY, enter the device's IP address, and select the SSH protocol.

Figure 1-8 PuTTY Configuration - RSA authentication mode (1)


# Choose Connection > SSH in the navigation tree. The page shown in Figure 1-9 is displayed. Select 2 under Preferred SSH protocol version.

Figure 1-9 PuTTY Configuration - RSA authentication mode (2)


# Choose Connection > SSH > Auth in the navigation tree. The page shown in Figure 1-10 is displayed. Select the private.ppk file corresponding to the public key configured on the server.

Figure 1-10 PuTTY Configuration - RSA authentication mode (3)


# Click Open. Enter the user name client002 at the prompt, and press Enter. You have logged in to the SSH server.

login as: client002
Authenticating with public key "rsa-key"
 
Info: The max number of VTY users is 5, the number of current VTY users online is 2, and total number of terminal users online is 2.
      The current login time is 2012-08-04 20:09+00:00.
      First login successfully.
<SSH Server>

 

 

You can also find the answer in Common Login Operations in Common Operation Guide.

This post was last edited by user_2718035 at 2012-08-04 20:09.
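
The hexadecimal string entered in step d is a DER-encoded RSAPublicKey structure: its first words 30820108 02820101 are the SEQUENCE and INTEGER headers, and its last bytes 020125 carry the public exponent. The script below is an added example, not Huawei's sshkey.exe and not code from the original post; it reads the key.pub file saved by PuTTYgen in step b (or an OpenSSH one-line key) and prints the same layout, so the pasted key can be reproduced and checked. The function names and the toy sample key are constructed for illustration.

```python
import base64, sys

# Constructed toy key (24-bit modulus, unusable) in the RFC 4716 layout PuTTYgen saves.
SAMPLE = """---- BEGIN SSH2 PUBLIC KEY ----
Comment: "constructed-toy-key"
AAAAB3NzaC1yc2EAAAABJQAAAAQAxzsd
---- END SSH2 PUBLIC KEY ----"""

def read_fields(blob):  # split an SSH wire-format blob into uint32-length-prefixed fields
    fields, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        field = blob[pos + 4:pos + 4 + size]
        if pos + 4 > len(blob) or len(field) != size:
            raise ValueError("truncated key blob")
        fields.append(field)
        pos += 4 + size
    return fields

def load_ssh_rsa(text):  # return (e, n) from an RFC 4716 file or an OpenSSH "ssh-rsa AAAA..." line
    lines = text.strip().splitlines()
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, cont = [], False
        for ln in lines[1:-1]:
            if not (cont or ":" in ln):      # skip "Tag: value" headers and their continuations
                body.append(ln.strip())
            cont = (cont or ":" in ln) and ln.rstrip().endswith("\\")
        b64 = "".join(body)
    else:
        b64 = lines[0].split()[1]
    fields = read_fields(base64.b64decode(b64))
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key")
    return int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")

def der(tag, body):  # DER tag-length-value, short or long length form
    lb = len(body).to_bytes(4, "big").lstrip(b"\0")
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + head + body

def device_hex(e, n):  # SEQUENCE{INTEGER n, INTEGER e} as 8-digit hex words, six per line
    ints = [v.to_bytes(v.bit_length() // 8 + 1, "big") for v in (n, e)]  # spare byte keeps sign positive
    seq = der(0x30, b"".join(der(0x02, i) for i in ints))
    words = [seq[i:i + 4].hex().upper() for i in range(0, len(seq), 4)]
    return [" ".join(words[i:i + 6]) for i in range(0, len(words), 6)]

if __name__ == "__main__":
    e, n = load_ssh_rsa(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE)
    print(f"# {n.bit_length()}-bit modulus, e={e}", *device_hex(e, n), sep="\n")
```

Run it with the path to key.pub as the only argument; the first output line reports the modulus size, which should read 2048 bits to match the key size the post recommends.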

Fresnel Created Apr 20, 2019 20:12:59

Hi,
I cannot find sshkey.exe anywhere, can you provide a safe link to download it?

It appears a very useful tool for Windows users.
Thanks