Huawei-R&S-网络工程师实验笔记20190530-FTP上传下载、STelnet登录、SFTP登录

》Huawei-R&S-网络工程师实验笔记20190530-FTP上传下载、STelnet登录、SFTP登录

》》实验开始，参考《Huawei-R&S-网络工程师实验笔记20190524-XXX》中的拓扑图，使用 Huawei eNSP、Wireshark、Oracle VM VirtualBox 等工具软件，并开启了左侧、右侧的路由器AR1、AR2。以下将全部使用代码展示实验过程和理解：

<AR2>sy
Enter system view, return user view with Ctrl+Z.
[AR2]int g0//
[AR2-GigabitEthernet0//]ip address 202.100.1.4
[AR2-GigabitEthernet0//]
May   ::-: AR2 %%01IFNET//LINK_STATE(l)[]:The line protocol IP
 on the interface GigabitEthernet0// has entered the UP state.
[AR2-GigabitEthernet0//]q
[AR2]dis ip int bri    //查看IP是否配置，要保证与AR1可以互通（AR1设备配置同样动作）
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is
The number of interface that is DOWN in Physical is
The number of interface that is UP in Protocol is
The number of interface that is DOWN in Protocol is 

Interface                         IP Address/Mask      Physical   Protocol
GigabitEthernet0//              202.100.1.4/       up         up     //在AR1中ping后发现不通
GigabitEthernet0//              unassigned           down       down
GigabitEthernet0//              unassigned           down       down
NULL0                             unassigned           up         up(s)
[AR2]
[AR2]int g0//
[AR2-GigabitEthernet0//]ip address 202.100.1.2      //重新配置IP，并在AR1中ping看看
[AR2-GigabitEthernet0//]q
[AR2]q
[AR2]ftp server enable     //开启FTP功能
Info: Succeeded in starting the FTP server
[AR2]aaa
[AR2-aaa]local-user tangjun password cipher        //用户名tangjun和密码123(cipher保密模式)
Info: Add a new user.
[AR2-aaa]local-user tangjun privilege level        //该用户的级别15
[AR2-aaa]local-user tangjun ftp ?      //ftp目录是哪，？查询后续命令
  STRING<->  [drive][path]
  flash:        Device name
[AR2-aaa]local-user tangjun ftp flash:   //有版本命令是local-user tangjun ftp-directory flash:
[AR2-aaa]local-user tangjun service-type ftp     //该用户服务于FTP
[AR2-aaa]q
[AR2]q
<AR2>save updatafile.zip     //保存个配置文件，假定为升级文件，用后续FTP实验
 Are you sure to save the configuration to updatafile.zip? (y/n)[n]:y
  It will take several minutes to save configuration file, please wait.......
  Configuration file had been saved successfully
  Note: The configuration file will take effect after being activated
<AR2>dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
      drw-              -  May   ::   dhcp
      -rw-        ,  May   ::   portalpage.zip
      -rw-              May   ::   updatafile.zip    //升级文件成功创建,将会被拷贝至AR1的根目录下
      -rw-          ,  May   ::   statemach.efs
      -rw-        ,  May   ::   sslvpn.zip
      -rw-              May   ::   private-data.txt
      -rw-              May   ::   vrpcfg.zip

,, KB total (, KB free)
<AR2>

<AR1>sy
Enter system view, return user view with Ctrl+Z.
[AR1]int g0//
[AR1-GigabitEthernet0//]ip address 202.100.1.1
May   ::-: AR1 %%01IFNET//LINK_STATE(l)[]:The line protocol IP
 on the interface GigabitEthernet0// has entered the UP state.
[AR1-GigabitEthernet0//]q
[AR1]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is
The number of interface that is DOWN in Physical is
The number of interface that is UP in Protocol is
The number of interface that is DOWN in Protocol is 

Interface                         IP Address/Mask      Physical   Protocol
GigabitEthernet0//              202.100.1.1/       up         up        //接口配置好了IP
GigabitEthernet0//              unassigned           up         down
GigabitEthernet0//              unassigned           down       down
NULL0                             unassigned           up         up(s)
[AR1]ping 202.100.1.4
  PING 202.100.1.4:   data bytes, press CTRL_C to break  //无法连通AR2接口，其IP地址配置错误
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out
  --- 202.100.1.4 ping statistics ---
     packet(s) transmitted
     packet(s) received
    100.00% packet loss

[AR1]ping 202.100.1.2       //对端设备AR2已重新配置IP，现在重新ping
  PING 202.100.1.2:   data bytes, press CTRL_C to break
    Reply from 202.100.1.2: bytes= Sequence= ttl= time= ms
    Reply from 202.100.1.2: bytes= Sequence= ttl= time= ms
    Reply from 202.100.1.2: bytes= Sequence= ttl= time= ms
    Reply from 202.100.1.2: bytes= Sequence= ttl= time= ms
    Reply from 202.100.1.2: bytes= Sequence= ttl= time= ms
  --- 202.100.1.2 ping statistics ---
     packet(s) transmitted
     packet(s) received
    0.00% packet loss
    round-trip min/avg/max = // ms     //AR1与AR2网络连通了
[AR1]

<AR1>ftp 202.100.1.2    //通过FTP程序连接到服务器
Trying 202.100.1.2 ...

Press CTRL+K to abort
Connected to 202.100.1.2.
 FTP service ready.
User(202.100.1.2:(none)):tangjun     //输入用户名
 Password required for tangjun.
Enter password:        //输入密码
 User logged in.

[AR1-ftp]get updatafile.zip     //获取数据文件
 Port command okay.
 Opening ASCII mode data connection for updatafile.zip.
 Transfer complete.      //传输成功
FTP:  byte(s) received in 0.190 second(s) .44Kbyte(s)/sec.
[AR1-ftp]

[AR1-ftp]put flash:/dhcp/dhcp-duid.txt        //上传文件至AR2根目录
 Port command okay.
 Opening ASCII mode data connection for dhcp-duid.txt.
 %
 Transfer complete.
FTP:  byte(s) sent in 0.180 second(s) .44byte(s)/sec.
[AR1-ftp]q
 Server closing.

<AR2>dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
      -rw-               May   ::   dhcp-duid.txt    //验证确实从AR1上传了该文件
      drw-              -  May   ::   dhcp
      -rw-        ,  May   ::   portalpage.zip
      -rw-          ,  May   ::   statemach.efs
      -rw-        ,  May   ::   sslvpn.zip

,, KB total (, KB free)
<AR2>

----------------------------分割线---------------------------

[AR1]int g0//
[AR1-GigabitEthernet0//]ip add 10.1.1.1      //配置设备AR1的IP
May   ::-: AR1 %%01IFNET//LINK_STATE(l)[]:The line protocol IP
 on the interface GigabitEthernet0// has entered the UP state.
[AR1-GigabitEthernet0//]

[AR2]int g0//
[AR2-GigabitEthernet0//]ip add 10.1.1.2      //配置设备AR2的IP
May   ::-: AR2 %%01IFNET//LINK_STATE(l)[]:The line protocol IP
 on the interface GigabitEthernet0// has entered the UP state. 

[AR2-GigabitEthernet0//]ping 10.1.1.1      //ping命令测试链路连通性
  PING 10.1.1.1:   data bytes, press CTRL_C to break
    Reply from 10.1.1.1: bytes= Sequence= ttl= time= ms
    Reply from 10.1.1.1: bytes= Sequence= ttl= time= ms
    Reply from 10.1.1.1: bytes= Sequence= ttl= time= ms
    Reply from 10.1.1.1: bytes= Sequence= ttl= time= ms
    Reply from 10.1.1.1: bytes= Sequence= ttl= time= ms
  --- 10.1.1.1 ping statistics ---
     packet(s) transmitted
     packet(s) received
    0.00% packet loss
    round-trip min/avg/max = // ms

[AR2-GigabitEthernet0//]q
[AR2]rsa local-key-pair create     //生成本地RSA主机秘钥对
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is ( ~ ).
NOTES: If the key modulus is greater than ,
       It will take a few minutes.
Input the bits in the modulus[default = ]:
Generating keys...
.......++++++++++++
...++++++++++++
................++++++++
..++++++++

[AR2]dis rsa local-key-pair public      //查看本地秘钥对中的公钥信息
=====================================================
Time of Key pair created: -- ::-:  //公钥生成的时间
Key name: Host       //公钥的名称
Key type: RSA encryption Key       //公钥的类型
=====================================================
Key code:

    D9ECDB6E 9EECEFAA 41985FA2 B3E9B851 FEBF8F95
    A0E9AC13 3E76F9DB CCD8C7F6 430C6860 CBA492EC
    5DC2BEE5 3BBDAFE4 B5AADFD9 E67F0750 C9AAA4F9
    1BDA1F4D 

=====================================================
Time of Key pair created: -- ::-:
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:

    D2F5696B 7E37CF47 A0BC83A3 E493B894 07AD556D
    AD009F7A 6B84CAD6 A04D41DA E7E6E681 1F033564
    DCB9D67B C49B168C 894A88A3 CE999F66 02110D8F
    85F1680C D9CD8B18 DF740263 26BFEC8C FBD9D98A
    A26BFBD2 CE71A57F 345BC3A8 7D8E4737 

[AR2]
[AR2]user-interface vty       //配置VTY虚拟用户界面
[AR2-ui-vty0-]authentication-mode aaa     //配置用户AAA授权验证模式
[AR2-ui-vty0-]protocol inbound ?     //指定VTY界面只支持？什么协议
  all     All protocols
  ssh     SSH protocol
  telnet  Telnet protocol
[AR2-ui-vty0-]protocol inbound ssh     //指定VTY用户界面只支持SSH协议
[AR2-ui-vty0-]aaa
[AR2-aaa]local-user tangjun password cipher      //配置本地用户tangjun和密文口令123
Info: Add a new user.
[AR2-aaa]local-user tangjun service-type ssh     //配置本地用户tangjun的接入类型为SSH
[AR2-aaa]local-user tangjun privilege level       //配置本地用户tangjun的优先级为15最高级
[AR2-aaa]q        //此处务必要回退至[AR2]，方可使用ssh命令
[AR2]ssh user tangjun authentication-type password    //指定用户tangjun为SSH用户，并延续密码认证方式
 Authentication type setted, and will be in effect next time
[AR2]stelnet server enable      //开启设备的STelnet功能（即开启SSH服务器）
Info: Succeeded in starting the STELNET server.

[AR2]dis ssh user-information tangjun      //在SSH服务器查看SSH用户配置信息
 -------------------------------------------------------------------------------
 Username         Auth-type          User-public-key-name
 -------------------------------------------------------------------------------
 tangjun          password           null                       //可以观察所配置的用户名及认证方式
 -------------------------------------------------------------------------------

[AR2]dis ssh server status       //查看SSH服务器全局配置信息
 SSH version                         :1.99
 SSH connection timeout              : seconds
 SSH server key generating interval  : hours
 SSH Authentication retries          : times
 SFTP Server                         :Disable
 Stelnet server                      :Enable       //启用状态

[AR1]ssh client first-time enable     //开启SSH用户端AR1首次认证功能
[AR1]stelnet 10.1.1.2    //连接对端的SSH服务器
Please input the username:tangjun    //输入用户名
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y     //因首次认证，将不对RSA公钥进行有效性检查
May   ::-: AR1 %%01SSH//CONTINUE_KEYEXCHANGE(l)[]:The server h
ad not been authenticated in the process of exchanging keys. When deciding wheth
er to continue, the user chose Y.
[AR1]
Save the server's public key? (y/n)[n]:y      //登录后系统会自动分配RSA公钥，留待下次登录认证
The server's public key will be saved with the name 10.1.1.2. Please wait...
May   ::-: AR1 %%01SSH//SAVE_PUBLICKEY(l)[]:When deciding whet
her to save the server's public key 10.1.1.2, the user chose Y.
[AR1]
Enter password:
<AR2>     //成功远程登录AR2
<AR2>dis ssh server session      //查看当前SSH服务器端的会话连接信息
 --------------------------------------------------------------------
 Conn   Ver   Encry     State  Auth-type        Username
 --------------------------------------------------------------------
 VTY   2.0   AES       run    password         tangjun        //可发现：已通过VTY线路0远程登录上了
 --------------------------------------------------------------------
<AR2>

[AR2]aaa
[AR2-aaa]local-user tangjun2 password cipher     //配置本地用户tangjun2和密文口令123
Info: Add a new user.
[AR2-aaa]local-user tangjun2 service-type ssh     //配置本地用户tangjun2的接入类型为SSH
[AR2-aaa]local-user tangjun2 privilege level     //配置本地用户tangjun2的优先级为3管理级
[AR2-aaa]local-user tangjun2 ftp-directory flash:
[AR2-aaa]q
[AR2]ssh user tangjun2 authentication-type password     //指定用户tangjun2为SSH用户，并延续密码认证方式
 Authentication type setted, and will be in effect next time
[AR2]sftp server enable       //开启设备的SFTP功能
Info: Succeeded in starting the SFTP server.

[AR2]dis ssh server status
 SSH version                         :1.99
 SSH connection timeout              : seconds
 SSH server key generating interval  : hours
 SSH Authentication retries          : times
 SFTP Server                         :Enable
 Stelnet server                      :Enable

<AR1>sy
Enter system view, return user view with Ctrl+Z.
[AR1]sftp 10.1.1.2     //连接对端AR2的SSH服务器（注意在系统视图下敲命令）
Please input the username:tangjun2
Trying 10.1.1.2 ...
Press CTRL+K to abort
Enter password:
sftp-client>        //已成功登录AR2

[AR2]dis ssh server session       //查看SSH服务器全局配置信息
 --------------------------------------------------------------------
 Conn   Ver   Encry     State  Auth-type        Username
 --------------------------------------------------------------------
 VTY   2.0   AES       run    password         tangjun2          //可发现：已通过VTY线路0远程登录上了
 --------------------------------------------------------------------