适用设备:Huawei NE8000M6 / VRP 系统
🧩 一、配置目标
🖥 二、完整配置脚本(带说明)
system-view
# ====== 配置管理接口IP ======
interface GigabitEthernet1/0/0
ip address 192.168.100.254 255.255.255.0
quit
# ====== AAA 本地用户配置 ======
aaa
local-user admin123 password irreversible-cipher admin@huawei.com
local-user admin123 service-type ssh
local-user admin123 level 15
local-user admin123 state block fail-times 3 interval 5
quit
# ====== 关闭复杂密码策略 ======
undo user-security-policy enable
# ====== 启用 SSH 服务 ======
stelnet server enable
# ====== SSH 用户绑定 ======
ssh user admin123
ssh user admin123 authentication-type password
ssh user admin123 service-type stelnet snetconf
# ====== 允许所有接口作为管理地址 ======
ssh server-source all-interface
# ====== SSH 客户端首次连接免确认 ======
ssh client first-time enable
# ====== VTY 远程登录线路 ======
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
idle-timeout 5 0
protocol inbound ssh
quit
# ====== 保存配置 ======
save
🔎 三、配置说明
1️⃣ 管理接口IP
设置设备远程管理地址:
192.168.100.254
2️⃣ 本地AAA用户
创建本地管理员账号并启用密码加密存储,登录即最高权限。
3️⃣ SSH服务
stelnet server enable
华为设备中 stelnet 即 SSH 服务。
4️⃣ VTY线路
限制只允许 SSH 登录,启用 AAA 认证。
🔐 四、登录方式
电脑终端执行:
ssh admin123@192.168.100.254
密码:
admin@huawei.com
⚙️ 五、可选安全增强(按需使用)
✔ 仅允许管理口IP作为SSH地址
ssh server-source GigabitEthernet1/0/0
✔ 修改SSH端口
ssh server port 2222
🧩 六、纯净版配置脚本(无注释 / 直接上线)
system-view
interface GigabitEthernet1/0/0
ip address 192.168.100.254 255.255.255.0
quit
aaa
local-user admin123 password irreversible-cipher admin@huawei.com
local-user admin123 service-type ssh
local-user admin123 level 15
local-user admin123 state block fail-times 3 interval 5
quit
undo user-security-policy enable
stelnet server enable
ssh user admin123
ssh user admin123 authentication-type password
ssh user admin123 service-type stelnet snetconf
ssh server-source all-interface
ssh client first-time enable
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
idle-timeout 5 0
protocol inbound ssh
quit
save
✅ 七、最终交付效果
✔ 管理地址:192.168.100.254
✔ SSH远程登录可用
✔ AAA本地认证
✔ 登录即最高权限
✔ 可直接作为工程验收配置
评论区