Using the H3C S12508 as an example:
Enable the SSH service (from here on, "#" stands for system view and is not explained again):
#
ssh server enable
Advanced access control (ACL):
#
acl number 3815 name xxoo
rule 0 permit tcp source x.x.x.x x.x.x.x destination x.x.x.x x.x.x.x destination-port eq 22
rule 5 permit tcp source x.x.x.x x.x.x.x destination x.x.x.x x.x.x.x destination-port eq 830
or
rule 0 permit tcp source x.x.x.x x.x.x.x destination x.x.x.x x.x.x.x destination-port range 22 830
Apply ACL 3815 globally to inbound traffic (you can instead apply it to a specific port or VLAN):
#
packet-filter 3815 global inbound
Bind ACL 3815 to the SSH service:
#
ssh server acl 3815
VTY view configuration:
#
user-interface vty 0 4
authentication-mode scheme
user-role network-admin
user-role network-operator
protocol inbound ssh
Create the SSH user and assign its authorization:
#
local-user xxxx class manage
password 88888888
service-type telnet ssh terminal
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
Enable the NETCONF service and set its listening port:
#
netconf ssh server enable
netconf ssh server port 830
Allow user xxxx to log in using NETCONF over SSH:
#
ssh user xxxx service-type netconf authentication-type password
Result output:
##
Verification succeeded.
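The steps above depend on each other (the ACL bound to the SSH service has to permit both port 22 and the NETCONF port), so they can be cross-checked offline before the configuration is pushed. The following Python check is an added example, not part of the original page or of any H3C tooling; the sample addresses are constructed documentation values, the names permitted_ports and audit are hypothetical, and reporting telnet in service-type or a wide port range as findings is this example's own policy.

```python
import re

# Constructed sample: the steps above, with documentation addresses in
# place of the page's x.x.x.x placeholders (password line omitted).
SAMPLE_CONFIG = """\
ssh server enable
acl number 3815 name xxoo
rule 0 permit tcp source 192.0.2.0 0.0.0.255 destination 198.51.100.1 0.0.0.0 destination-port eq 22
rule 5 permit tcp source 192.0.2.0 0.0.0.255 destination 198.51.100.1 0.0.0.0 destination-port eq 830
packet-filter 3815 global inbound
ssh server acl 3815
user-interface vty 0 4
authentication-mode scheme
protocol inbound ssh
local-user xxxx class manage
service-type telnet ssh terminal
netconf ssh server enable
netconf ssh server port 830
ssh user xxxx service-type netconf authentication-type password
"""
RULE = re.compile(r"rule \d+ permit tcp .*destination-port (eq|range) (\d+)(?: (\d+))?$")
REQUIRED = ("ssh server enable", "ssh server acl", "netconf ssh server enable", "protocol inbound ssh")

def permitted_ports(config, acl):
    """TCP destination ports permitted by the rules of ACL `acl`."""
    ports, inside = set(), False
    for line in map(str.strip, config.splitlines()):
        if not line.startswith("rule "):  # any other command leaves the ACL view
            inside = line.split()[:3] == ["acl", "number", acl]
        elif inside and (m := RULE.match(line)):
            lo = int(m.group(2))
            hi = int(m.group(3)) if m.group(1) == "range" else lo
            ports.update(range(lo, hi + 1))
    return ports

def audit(config):
    """Return findings where the configuration steps disagree with each other."""
    lines = [l.strip() for l in config.splitlines()]
    findings = [f"missing: {c}" for c in REQUIRED if not any(l.startswith(c) for l in lines)]
    bound = next((l.split()[3] for l in lines if l.startswith("ssh server acl ")), None)
    port = next((int(l.split()[4]) for l in lines if l.startswith("netconf ssh server port ")), 830)
    if bound:
        ports = permitted_ports(config, bound)
        findings += [f"ACL {bound} does not permit tcp/{p}" for p in sorted({22, port} - ports)]
        if ports - {22, port}:
            findings.append(f"ACL {bound} permits {len(ports - {22, port})} ports beyond 22 and {port}")
    if any(l.startswith("service-type ") and "telnet" in l.split() for l in lines):
        findings.append("local-user service-type still includes telnet")
    return findings
```

Run `audit()` on the text of the intended configuration; an empty list means the ACL, SSH and NETCONF settings agree with each other under this example's policy.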