
ThinkMo EDU Share – network 8.STelnet login

蒂娜, 10/18/2022


Brief introduction to the principle

Telnet login lacks secure authentication, and everything it transmits travels over TCP in plaintext, which is a serious security risk. Moreover, simply exposing a Telnet service invites malicious attacks such as host IP address spoofing and routing spoofing.

STelnet is short for Secure Telnet. In a traditional insecure network environment, the server provides a secure Telnet service for accessing the network by authenticating the client and encrypting data in both directions. Note: the SSH protocol is recommended for remote login management across the Internet.

SSH is a network security protocol that provides secure remote login and other secure network services over an insecure network by encrypting the traffic. SSH carries its data over TCP port 22 and supports password authentication.

The process is as follows: the client sends a password authentication request to the server, encrypting the user name and password before sending them. The server decrypts this information to recover the user name and password in plaintext, compares them with the user name and password stored on the device, and returns an authentication success or failure message. Features of SSH: it provides strong authentication and protects the information exchanged, so the router is guarded against attacks such as IP address spoofing and plaintext password interception. Because SSH data is encrypted in transit, SSH can replace Telnet.

SFTP stands for SSH File Transfer Protocol. In a traditional insecure network environment, the server provides a secure file transfer service by authenticating the client and encrypting data in both directions.

Experimental content:

R1 acts as the SSH client and R2 as the SSH server, simulating a remote client (R1) logging in to router R2 over the SSH protocol for configuration. This experiment uses password authentication mode.

Experimental purpose:

  1. Master the application scenarios of SSH;
  2. Understand the principle of SSH protocol;
  3. Master the method of configuring SSH Password authentication;
  4. Master the configuration of SFTP.

Experimental topology:

Experimental operation:

  1. Complete the basic configuration according to the experimental requirements, and use the ping command to verify the connectivity of the directly connected links.
  2. SSH server configuration: The first step towards a successful SSH login is to configure and generate a local RSA key pair. A local key pair must exist before any other SSH configuration is performed. The generated key pair is saved on the device and is not lost after a restart. Use the rsa local-key-pair create command to generate the local RSA host key pair.
[R2]rsa local-key-pair create
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...


After configuration, you can use the display rsa local-key-pair public command to view the public key information in the local key pair.

[R2]dis rsa local-key-pair public
=====================================================
Time key pair created: 2019-03-22 08:00:30-08:00    // public key generation time
Key: host                                           // public key name
Type: RSA encryption key                            // public key type
=====================================================
Key code:
308188
028180
9D1723EA 22E9E8D6 F1892590 CBFE134E A2D84ADA
......
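The Key code above is a DER-encoded RSAPublicKey (a SEQUENCE holding an INTEGER modulus and an INTEGER exponent): 30 81 88 opens a SEQUENCE of 136 bytes and 02 81 80 an INTEGER of 128 bytes, which is the 1024-bit modulus chosen at the prompt. The parser below is an added example, not code from the article or from Huawei; the sample key code reuses the first 20 modulus bytes visible above and is otherwise constructed filler.

```python
# Added example, not part of the ThinkMo article or Huawei's software: parse the
# "Key code" hex printed by "display rsa local-key-pair public". The dump is a
# PKCS#1 RSAPublicKey, SEQUENCE { INTEGER n, INTEGER e }, so the modulus size
# can be checked independently of the size typed at the generation prompt.
import hashlib

def _der_len(buf: bytes, pos: int):
    """Decode a DER length at buf[pos]; return (length, position after it)."""
    if pos >= len(buf):
        raise ValueError("truncated key code")
    first = buf[pos]
    if first < 0x80:                  # short form: the byte is the length
        return first, pos + 1
    n = first & 0x7F                  # long form: n length bytes follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("invalid DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def _der_integer(buf: bytes, pos: int):
    """Decode an INTEGER as unsigned (the device omits the leading 0x00 that
    strict DER requires when the top bit of the modulus is set)."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER")
    length, pos = _der_len(buf, pos + 1)
    if pos + length > len(buf):
        raise ValueError("truncated INTEGER")
    return int.from_bytes(buf[pos:pos + length], "big"), pos + length

def rsa_public_key_info(key_code_hex: str) -> dict:
    """Return modulus bit length, public exponent and SHA-256 of the DER."""
    der = bytes.fromhex("".join(key_code_hex.split()))
    if not der or der[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    seq_len, pos = _der_len(der, 1)
    if pos + seq_len != len(der):
        raise ValueError("SEQUENCE length does not match the dump")
    n, pos = _der_integer(der, pos)
    e, pos = _der_integer(der, pos)
    return {"modulus_bits": n.bit_length(), "exponent": e,
            "sha256": hashlib.sha256(der).hexdigest()}

def meets_minimum(key_code_hex: str, min_bits: int = 2048) -> bool:
    """True when the host key is at least min_bits (1024, as in the article, fails)."""
    return rsa_public_key_info(key_code_hex)["modulus_bits"] >= min_bits

# Constructed sample: the first 20 modulus bytes are those visible in the
# article's dump; the other 108 bytes are filler, not a real key.
SAMPLE_MODULUS = bytes.fromhex("9D1723EA22E9E8D6F1892590CBFE134EA2D84ADA") + b"\xAB" * 108
SAMPLE_KEY_CODE = "308188" + "028180" + SAMPLE_MODULUS.hex() + "0203010001"
```

Paste the complete Key code lines from the device into rsa_public_key_info; the article's dump is truncated, so the constructed sample stands in for it here.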

Then enter the VTY user interface, set the authentication mode to AAA, and restrict the VTY user interface to the SSH protocol only (the device then automatically disables Telnet). In the AAA view, use the local-user command to create a local user and password, storing the password in encrypted (cipher) form, and set the user's service type to SSH. Then use the ssh user command to create the SSH user and specify password as its authentication method.

[R2]user-interface vty 0 4                              // Enter the VTY user interface.
[R2-ui-vty0-4]authentication-mode aaa                   // Configure the authentication mode as AAA.
[R2-ui-vty0-4]protocol inbound ssh                      // VTY users may use SSH only (Telnet is automatically disabled).
[R2-ui-vty0-4]aaa
[R2-aaa]local-user admin password cipher huawei
[R2-aaa]local-user admin service-type ssh               // Configure the access type as SSH.
[R2-aaa]q
[R2]ssh user admin authentication-type password         // Specify password authentication for the SSH user.
Authentication type setted, and will be in effect next time

You can also use the local-user *** privilege level command to set the privilege level of a local user, with values from 0 to 15; the larger the value, the higher the level. A user can only execute commands at or below their own privilege level.

By default, the SSH server function of the device is disabled; it is enabled with the stelnet server enable command. Only once it is enabled can clients connect to the device over SSH.

[R2]stelnet server enable
Info: Succeeded in starting the STELNET server.

After configuration, use the display ssh user-information *** command to view the configuration of SSH users on the SSH server side; when no user is specified, the configuration of all SSH users is shown. Use the display ssh server status command to view the global configuration of the SSH server.

[R2]dis ssh user-information admin
-------------------------------------------------------------------------------
Username         Auth-type          User-public-key-name
-------------------------------------------------------------------------------
admin            password           null
-------------------------------------------------------------------------------

[R2]dis ssh server status
SSH version                         :1.99
SSH connection timeout              :60 seconds
SSH server key generating interval  :0 hours
SSH Authentication retries          :3 times
SFTP Server                         :Disable
Stelnet server                      :Enable    // The STelnet server is started.

3.SSH Client configuration

Enable the first-time authentication function on the SSH client, which means the client does not check the validity of the server's RSA public key on the first login. After a successful login the system automatically saves the server's RSA public key for use on the next login. Without this, the client has no saved RSA public key when logging in to the server for the first time, the validity check of the server's RSA public key fails, and so the login fails.

After logging in successfully, you can use the display ssh server session command to view the current session information on the SSH server.

[R1]ssh client first-time enable
[R1]stelnet 10.1.1.2
Please input the username:admin
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
[R1]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 10.1.1.2. Please wait...
[R1]
Enter password:sys

[R2]dis ssh server session    // View current session information.
--------------------------------------------------------------------
Conn   Ver   Encry     State  Auth-type        Username
--------------------------------------------------------------------
VTY 0  2.0   AES       run    password         admin    // Connected successfully; R2 can now be configured as required.
--------------------------------------------------------------------
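The first-time behaviour described above (save the server's public key on the first login, check it on later logins), as an added example that is not part of the original post or of Huawei's software: the store, the server address 10.1.1.2 and the sample keys are constructed for illustration.

```python
# Added example, not part of the ThinkMo article or Huawei's software: a small
# "known hosts" store that models the behaviour behind "ssh client first-time
# enable". The first login trusts and saves the server's public key; every later
# login must present the same key, so a changed key is refused.
import hashlib

class HostKeyStore:
    def __init__(self, first_time_enable: bool = False):
        self.first_time_enable = first_time_enable
        self.saved = {}            # server address -> saved key fingerprint

    @staticmethod
    def fingerprint(pubkey: bytes) -> str:
        """Fingerprint to compare against the key displayed on the server itself."""
        return "SHA256:" + hashlib.sha256(pubkey).hexdigest()

    def pin(self, server: str, pubkey: bytes) -> None:
        """Pre-load a key verified out of band, so first-time trust can stay off."""
        self.saved[server] = self.fingerprint(pubkey)

    def check(self, server: str, pubkey: bytes) -> str:
        """Return 'saved', 'ok' or 'rejected' for the key a server offers."""
        fp = self.fingerprint(pubkey)
        known = self.saved.get(server)
        if known is None:
            if not self.first_time_enable:
                return "rejected"      # no saved key and no first-time trust: login fails
            self.saved[server] = fp    # first login: save the key, as the R1 prompt does
            return "saved"
        return "ok" if known == fp else "rejected"   # key differs from the saved one: refuse

# Constructed sample keys: placeholders standing in for RSA public key blobs.
R2_HOST_KEY = b"constructed-r2-rsa-host-key"
OTHER_HOST_KEY = b"constructed-different-host-key"

def login_sequence(first_time_enable: bool) -> list:
    """R1 connects to 10.1.1.2 three times: the genuine R2 key twice, then a
    different key. Returns the three check results in order."""
    store = HostKeyStore(first_time_enable)
    return [store.check("10.1.1.2", R2_HOST_KEY),
            store.check("10.1.1.2", R2_HOST_KEY),
            store.check("10.1.1.2", OTHER_HOST_KEY)]
```

With first-time trust disabled and the key pinned in advance, the login still succeeds and a different key is still refused, which avoids trusting whatever answers on the first connection.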

4.SFTP Server configuration

Enter the AAA view, create a new user with a ciphertext password, set the user's access type to SSH and the privilege level to 3, and then specify the directory the FTP user may access. This directory is empty by default, and if it is not configured the user cannot log in. Use the ssh user command to create the SSH user and specify password authentication as the authentication method. Finally, use the sftp server enable command to turn on the SFTP server function.

After the configuration, check the configuration information of the SSH server, then use the sftp command on R1 to connect to the SSH server, and finally check the SSH session information on R2.

[R2]aaa
[R2-aaa]local-user huawei1 password cipher huawei2        // Create a new user.
Info: Add a new user.
[R2-aaa]local-user huawei1 service-type ssh               // Set the connection type.
[R2-aaa]local-user huawei1 privilege level 3
[R2-aaa]local-user huawei1 ftp-directory flash:           // Specify the accessible directory.
[R2]ssh user huawei1 authentication-type password         // Configure the authentication method.
Authentication type setted, and will be in effect next time
[R2]sftp server enable                                    // Turn on the SFTP function.
Info: Succeeded in starting the SFTP server.

[R2]dis ssh server status
SSH version                         :1.99
SSH connection timeout              :60 seconds
SSH server key generating interval  :0 hours
SSH Authentication retries          :3 times
SFTP Server                         :Enable    // The SFTP server has been turned on.
Stelnet server                      :Enable

[R1]sftp 10.1.1.2
Please input the username:huawei1
Trying 10.1.1.2 ...
Press CTRL+K to abort
Enter password:
sftp-client>    // Connection succeeded.

Finally, check the SSH session connection information on R2:

[R2]dis ssh server session
--------------------------------------------------------------------
Conn   Ver   Encry     State  Auth-type        Username
--------------------------------------------------------------------
VTY 0  2.0   AES       run    password         huawei1    // Connected successfully.
--------------------------------------------------------------------
