Configuring Logging In to the CLI Using SSH Using the CLI - In Practice
Hello everyone,
Today, I would like to show in practice how to configure the SSH protocol and log in via the CLI.
The local administrator has some administrator permissions and can use SSH to log in to the CLI only from a local PC for FW management and maintenance. The FW performs local authentication of administrators.
Procedure:
To complete our example, we need to follow these steps:
Enable the SSH service on the FW:
Enable SSH for IPv4 or IPv6. IPv4 is used as an example.

In the example, the interface IP address is set to 172.16.100.2, the interface is added to the trust zone, and the administrator has permission to log in to the device using SSH.
Configure the administrator login interface:
Configure the interface IP address and interface-based access control and enable the administrator to log in to the device through SSH.

Add an interface to the security zone.

Configure the VTY administrator interface:
Set the VTY administrator interface authentication mode to AAA and the idle disconnect duration to 5 minutes (default value is 10 minutes).

The default number of VTY administrator interfaces is five. To add more interfaces, run the user-interface maximum-vty number command.
Configure the administrator:
Configure the SSH administrator.
Create an administrator and bind a role to the administrator.

In the example, the username is sshuser and the password is Huawei@123.
Configure the SSH user.

Generate a local key pair.

Configure the IP address of the administrator PC and use Telnet software to log in to the VTY interface:
Set the IP address and subnet mask of the administrator PC to 172.16.100.1 and 255.255.255.0.
The terminal used in the example is SecureCRT. Choose SSH2 as the protocol, enter 172.16.100.2 as the hostname and 22 as the port, then click Connect.

Enter the credentials configured for the VTY user.
In the example, the user is "sshuser" and the password is "Huawei@123".


Now let's validate user access.

The "display users" command shows the users currently connected to the device.
With that, our practical example is complete.
Cheers,
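
The steps above, written out as one CLI sequence. This is an added example, not the original post's own configuration. Assumptions: the interface name GigabitEthernet 0/0/1, the role name system-admin, password authentication for the SSH user, restricting the VTY lines to SSH, and USG-series command forms, which can differ between software versions.

```text
# Added illustration. Lines starting with '#' are reader annotations, not commands.
# Assumed (not in the post): interface name, role name, USG-series command forms.
system-view

# 1. Enable the SSH (STelnet) service for IPv4
stelnet server enable

# 2. Interface address, interface-based access control, security zone
interface GigabitEthernet 0/0/1
 ip address 172.16.100.2 255.255.255.0
 service-manage enable
 service-manage ssh permit
 quit
firewall zone trust
 add interface GigabitEthernet 0/0/1
 quit

# 3. VTY lines: AAA authentication, idle disconnect after 5 minutes
#    'protocol inbound ssh' (assumed addition) accepts SSH only on these lines
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
 idle-timeout 5
 quit

# 4. Administrator account and role binding (role name is an assumption)
#    Huawei@123 is the post's example password; set a unique one on a real device
aaa
 manager-user sshuser
  password cipher Huawei@123
  service-type ssh
  quit
 bind manager-user sshuser role system-admin
 quit

# 5. SSH user, authenticated by password, allowed the STelnet service
ssh user sshuser
ssh user sshuser authentication-type password
ssh user sshuser service-type stelnet

# 6. Local host key pair used by the SSH server
rsa local-key-pair create
```

On first connection, compare the host key fingerprint shown by the SSH client with the key generated in step 6 before accepting it.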




