华为交换机ssh免密码登录配置方法

关键
华为交换机使用ssh2.0，而Linux默认是openssh，就需要进行转换

第一步：生成公私秘钥

命令：ssh-keygen

wsfnk@ThinkPad-E540:~$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wsfnk/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/wsfnk/.ssh/id_rsa.
Your public key has been saved in /home/wsfnk/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:RVRJJaD5mjPgkqO0FrfyfNtbeCYAoMZECYUaTA4j1pQ wsfnk@ThinkPad-E540
The key's randomart image is:
+---[RSA 2048]----+
|XB*..    .+++o.  |
|X= E     +  ..   |
|o=  .   o .      |
|o    .   o       |
|      o S .      |
|  . .o o +       |
|  .o+.. B +      |
| .o+.o.. B       |
| .ooo...o.       |
+----[SHA256]-----+

第二步：对公钥进行转换

命令：ssh-keygen -f .ssh/id_rsa.pub -e -m pem | grep -v '----' |base64 -d | xxd -p

wsfnk@ThinkPad-E540:~$ ssh-keygen -f .ssh/id_rsa.pub -e -m pem | grep -v '\-\-\-\-' |base64 -d | xxd -p
3082010a0282010100ae48e446e234d296749aa118ff6137898c22468137
0eb4bd2bfa122cd8f4d134051540565f56d5a38d1655aa31c41fee19fbfa
872f4196b60cd01f40e7226e08a8a7c25eaeff92195726853b89f941e055
2c6b40a935c0de4c24b414725b21375ff683a3d1fa3ae0e346b7580fe5c1
5b870d80c5a6fef79bc6ab0f29d09f5bd6de0e8a32d39c8fa67de3fd0384
43cd412604b8f082f67197531debaa5ada9894ec43e963938e7bc17ade98
571ee4de54b685e245fc2206c6466ebcb00b8c0873cb75f8142de14027fb
3c200e3f3e3307437294eb88f79cc8c7dd19e519149eda062cf4dbda4a67
c5c7fad372d2e909815fc47bb5968514d496f56963a444a4970203010001

下面是在交换机上操作，其关键配置如下

####################
rsa peer-public-key 1
 public-key-code begin
  30820109
    02820100
      AE48E446 E234D296 749AA118 FF613789 8C224681 370EB4BD 2BFA122C D8F4D134
      05154056 5F56D5A3 8D1655AA 31C41FEE 19FBFA87 2F4196B6 0CD01F40 E7226E08
      A8A7C25E AEFF9219 5726853B 89F941E0 552C6B40 A935C0DE 4C24B414 725B2137
      5FF683A3 D1FA3AE0 E346B758 0FE5C15B 870D80C5 A6FEF79B C6AB0F29 D09F5BD6
      DE0E8A32 D39C8FA6 7DE3FD03 8443CD41 2604B8F0 82F67197 531DEBAA 5ADA9894
      EC43E963 938E7BC1 7ADE9857 1EE4DE54 B685E245 FC2206C6 466EBCB0 0B8C0873
      CB75F814 2DE14027 FB3C200E 3F3E3307 437294EB 88F79CC8 C7DD19E5 19149EDA
      062CF4DB DA4A67C5 C7FAD372 D2E90981 5FC47BB5 968514D4 96F56963 A444A497
    0203
      010001
 public-key-code end
peer-public-key end

####################
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user wsfnk password cipher %@%@qHC7"=a1eMgyEu&n#{lT.Y2i%@%@
 local-user wsfnk privilege level 15
 local-user wsfnk service-type ssh
 undo local-user admin

#####################
stelnet server enable
ssh user wsfnk
ssh user wsfnk authentication-type rsa
ssh user wsfnk assign rsa-key 1
ssh user wsfnk service-type stelnet

####################
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 15
 protocol inbound ssh
###注意一：采用这种方式登录，其用户的权限可以不在aaa里设置，但必须要在vty设置里进行设定，如user privilege level 15，
###注意二：采用这种方式登录，不能针对某个用户进行特殊的权限设置，所有的权限都用vty里的user privilege level 15语句设定