本帖最后由 EVE-NG-JACK 于 2020-11-20 00:06 编辑
CentOS Linux 部分:
1.升级CentOS Linux内软件
[root@centos7 ~]# yum -y update
2.设置串口控制台(console=ttyS0,115200),以便以telnet模式连接Linux控制台
sed -i 's/GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX="console=ttyS0,115200 console=tty0"/' /etc/default/grub
3.更新grub.cfg内容
[root@centos7 ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
4.安装必要软件
[root@centos7 ~]# yum -y install vim net-tools
5.关闭防火墙(仅限隔离的实验环境;systemctl stop 只停止当前运行的firewalld,若其为开机自启,重启后会再次启动)
[root@centos7 ~]# systemctl stop firewalld
6.临时关闭selinux(setenforce 0 将SELinux切换为Permissive模式,重启后恢复为配置文件中的设置;仅限实验环境)
[root@centos7 ~]# setenforce 0
7.生成SSH密钥对(示例中口令留空,生成的私钥 /root/.ssh/id_rsa 不受口令保护,须妥善保管)
[root@centos7 ~]# ssh-keygen -t rsa #生成密钥
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #回车
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): #回车
Enter same passphrase again: #回车
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rFO/zhgLwTCAuLJ1PqSaXQNztkLr2Y4T0UaG2AAaPPs root@centos7
The key's randomart image is:
+---[RSA 2048]----+
|B=.. |
|=+o.o |
|..o+o |
|o.* B+ . |
|.+.& .o S |
|. =E* + . |
| = * o+ . . |
|o =.. o = . |
| .o. o.+ |
+----[SHA256]-----+
[root@centos7 ~]# cd ~/.ssh/
[root@centos7 .ssh]# cat id_rsa.pub >> authorized_keys
[root@centos7 .ssh]# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:wiVNPYlU2bYrneOuLpRsllzk0O8uYr6rIPY9QypWjms.
ECDSA key fingerprint is MD5:d1:93:c0:cb:79:7a:a8:65:31:29:a1:12:4f:84:e9:a6.
Are you sure you want to continue connecting (yes/no)? yes #输入yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Last login: Thu Nov 19 23:09:30 2020
[root@centos7 ~]# exit #登出
logout
Connection to localhost closed.
[root@centos7 .ssh]#
Cisco Router 部分:
1.进入Gi 0/0端口配置IPv4地址和子网掩码
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface GIgabitEthernet 0/0
Router(config-if)#ip address 192.168.0.109 255.255.255.0
Router(config)#no shutdown
2.测试ping通192.168.0.102这个Linux 服务器IP
R1#ping 192.168.0.102
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.102, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
测试结果:五次全通
3.在全局配置模式下,进行设置用户名和密码
1.设置用户名和密码(示例中密码与用户名相同,仅供实验;实际环境应使用强密码,并用 username ... secret 代替 password):
R1(config)#username cisco password cisco
2.将cisco账户的权限级别设为15(最高权限)
R1(config)#username cisco privilege 15
设置路由器SSH模式和公钥
1.设置domain
R1(config)#ip domain name acme.org
2.生成RSA密钥对,模数长度为2048位
R1(config)#crypto key generate rsa modulus 2048
3.设置远程登录(transport input all 同时允许telnet等明文协议登录;只需SSH时应改为 transport input ssh)
R1(config)#line vty 0 4
R1(config-line)#transport input all
R1(config-line)#login local
R1(config-line)#end
在路由器设置ssh模式,并且复制Linux公钥到路由器数据库中
4.进入ssh公钥模式
R1(config)#ip ssh pubkey-chain
5.登录用户
R1(conf-ssh-pubkey)#username cisco
6.进入公钥输入模式(key-string)
R1(conf-ssh-pubkey-user)#key-string
7.黏贴公钥(即 id_rsa.pub 的内容;只黏贴公钥,不要黏贴私钥 id_rsa)
R1(conf-ssh-pubkey-data)#$2EAAAADAQABAAABAQCWNUUXSIMGdppPLhTndxmm3H7UGTT/O4P1
R1(conf-ssh-pubkey-data)#$7mfCE1a+oFdE6Fw/zO0Y0RO8n84aWCGb7J716mSxquhw9AWp3Ly
R1(conf-ssh-pubkey-data)#$EMKfyCAShDMFxF8fXthUiVyGx6ItuowKice8iASXtz9fvCi99S3
R1(conf-ssh-pubkey-data)#$He7eeqVOcHse1/Zq8HWyFz+W0V2+zGcDJGiRXhnN+GuyCFUp8ow
R1(conf-ssh-pubkey-data)#$3ikR/Kv2Blj9vFa5g2C7qk6BDbf9euRWm38zvEoIPUJKlnbYNxa
R1(conf-ssh-pubkey-data)#VvLztCUnTv563p/uUTdr root@jackubuntu
8.退出
R1(conf-ssh-pubkey-data)#exit
*Nov 15 14:06:51.972: %SYS-5-CONFIG_I: Configured from console by console
R1(conf-ssh-pubkey-user)#end
R1#
9.测试登录
测试连接R1路由器
root@jackubuntu:~/.ssh# ssh cisco@192.168.0.109