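MSR Series Routers
Configuring IPv6 SFTP with RSA Public Key Authentication Between Routers
Keywords: MSR; SFTP; RSA; IPv6
1. Networking requirements:
MSR1 acts as the SFTP server and MSR2 as the SFTP client. In 15xx versions, an MSR acting as an SSH/SFTP client authenticates to the server with DSA by default, so a command is needed to specify RSA instead.
Device list: 2 MSR series routers
2. Network diagram:
3. Configuration steps:
Version R1509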
MSR1 configuration commands 1

    //MSR1 generates a 1024-bit local RSA key pair
    [MSR1]public-key local create rsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits in the modulus[default = 1024]:
    Generating keys...
    .......++++++
    ........++++++
    ...................++++++++
    ............++++++++
    [MSR1]

MSR2 configuration commands

    //MSR2 generates a 512-bit local RSA key pair
    [MSR2] public-key local create rsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits in the modulus[default = 1024]:
    Generating keys...
    .......++++++
    ........++++++
    ...................++++++++
    ............++++++++
    //Export the public key of msr2's local key pair in sshkey format to the file msr2_public_ssh
    [msr2]public-key local export rsa ssh2 msr2_public_ssh
    [msr2]

MSR1 configuration commands 2

    //Download the public key file exported by msr2 to the local device and import it as msr2_public_rsa in rsakey format
    [msr1]public-key peer msr2_public_rsa import sshkey msr2_public_ssh
    [msr1]

MSR1 key configuration script

    #
    //Enable IPv6 globally
     ipv6
    #
    //Set the number of concurrent configuration users to 5
     configure-user count 5
    #
    //RSA key generated by importing the sshkey exported from msr2, named msr2_public_rsa
     public-key peer msr2_public_rsa
      public-key-code begin
       E834CEA 8D
      public-key-code end
     peer-public-key end
    #
    interface Ethernet0/0
     port link-mode route
     ipv6 add 1::1/64
    #
    //SFTP server configuration
     sftp server enable
    //Assign the RSA key msr2_public_rsa to the login user msr2
     ssh user msr2 service-type sftp authentication-type publickey assign publickey msr2_public_rsa work
    #
    user-interface vty 0 4
    //vty login users must be authenticated through AAA
     authentication-mode scheme
    #

MSR2 key configuration script

    #
    //Enable IPv6 globally
     ipv6
    #
    interface Ethernet0/0
     port link-mode route
    //Configure the IPv6 address
     ipv6 address 2::1/64
    #

Verification on MSR2

    //15xx series versions use a DSA key for authentication by default, so the identity-key rsa option is needed to specify RSA
    <MSR2>sftp ipv6 2::1 identity-key rsa
    Input Username: msr2
    Trying 2::1 ...
    Press CTRL+K to abort
    Connected to 2::1 ...

    sftp-client>ls
    -rwxrwxrwx   1 noone    nogroup  17942628 Nov 01 09:07 msr30-cmw520-r1509-si.bin
    drwxrwxrwx   1 noone    nogroup         0 Nov 01 09:08 logfile
    -rwxrwxrwx   1 noone    nogroup      3391 Nov 01 09:14 startup.cfg
    -rwxrwxrwx   1 noone    nogroup       299 Nov 01 09:23 3020ssh2
    End of file
    Success
    sftp-client>

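4. Key configuration points:
1) Both routers must generate a key pair and enable IPv6;
2) The client must export its key pair as an sshkey, and the server must import it as a public key;
3) The server must specify the service type and authentication type for the SSH user;
4) An MSR running a 15xx version that acts as an SSH/SFTP client and authenticates with an RSA public key must use the following command: ssh2 ipv6 2::1 identity-key rsa, because DSA is used for authentication by default.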
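
As an added example (not part of the original configuration guide), the following Python script checks a server-side configuration against key points 1) to 3) above, including that the key assigned to the SSH user was actually imported as a peer public key. The sample text is constructed from the MSR1 key configuration script on this page, with the interface section and key body omitted; `audit` and its finding strings are hypothetical names.

```python
import re

# Constructed sample: relevant lines of MSR1's key configuration script from
# this page (the trailing "work" is kept exactly as it appears on the page).
MSR1_CONFIG = """\
#
 ipv6
#
 public-key peer msr2_public_rsa
#
 sftp server enable
 ssh user msr2 service-type sftp authentication-type publickey assign publickey msr2_public_rsa work
#
user-interface vty 0 4
 authentication-mode scheme
#
"""

SSH_USER = re.compile(
    r"^ssh user (\S+) service-type (\S+) authentication-type (\S+)"
    r"(?: assign publickey (\S+))?")

def audit(config):
    """Return a list of findings; an empty list means the key points hold."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Names of peer public keys that were imported on the server.
    peers = {ln.split()[2] for ln in lines if ln.startswith("public-key peer ")}
    findings = []
    if "ipv6" not in lines:
        findings.append("IPv6 is not enabled globally")
    if "sftp server enable" not in lines:
        findings.append("SFTP server is not enabled")
    if "authentication-mode scheme" not in lines:  # not scoped per vty range
        findings.append("vty lines do not use scheme (AAA) authentication")
    users = [m for m in map(SSH_USER.match, lines) if m]
    if not users:
        findings.append("no ssh user is defined")
    for m in users:
        user, service, auth, key = m.groups()
        if service != "sftp":
            findings.append(f"{user}: service-type is {service}, not sftp")
        if auth != "publickey":
            findings.append(f"{user}: authentication-type is {auth}, not publickey")
        elif key not in peers:  # assigned key must match an imported peer key
            findings.append(f"{user}: assigned key {key} is not an imported peer key")
    return findings

if __name__ == "__main__":
    print(audit(MSR1_CONFIG) or "all key points satisfied")
```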