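With the Telnet remote access protocol, capturing the packets with Wireshark reveals the username and password, which shows that sending them over the network is risky. With the SSH remote access protocol, the captured packets appear encrypted. Using SSH for remote access to network devices is therefore more secure in day-to-day use.
1. Build the virtual test environment; the topology is as follows:
2. Router configuration
AR1 configuration: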
<Huawei>
Aug 21 2023 12:42:34-08:00 Huawei %%01IFPDT/4/IF_STATE(l)[0]:Interface GigabitEt
hernet0/0/0 has turned into UP state.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR1
[AR1]inter
[AR1]interface G
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 192.168.10.1 24
Aug 21 2023 12:43:13-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[AR1-GigabitEthernet0/0/0]quit
[AR1]quit
<AR1>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait.......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
<AR1>ping 192.168.10.2
PING 192.168.10.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.10.2: bytes=56 Sequence=1 ttl=255 time=140 ms
Reply from 192.168.10.2: bytes=56 Sequence=2 ttl=255 time=80 ms
Reply from 192.168.10.2: bytes=56 Sequence=3 ttl=255 time=70 ms
Reply from 192.168.10.2: bytes=56 Sequence=4 ttl=255 time=70 ms
Reply from 192.168.10.2: bytes=56 Sequence=5 ttl=255 time=50 ms
--- 192.168.10.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/82/140 ms
<AR1>
AR2 configuration:
The device is running!
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR2
[AR2]iner
[AR2]inter
[AR2]interface G
[AR2]interface GigabitEthernet 0/0/0
[AR2-GigabitEthernet0/0/0]ip address 192.168.10.2 24
Aug 21 2023 12:44:19-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[AR2-GigabitEthernet0/0/0]quit
[AR2]quit
<AR2>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:Y
It will take several minutes to save configuration file, please wait........
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
<AR2>
AR1 can ping AR2 successfully.
3. Configure the Telnet service on the routers
[AR1]aaa
[AR1-aaa]local-user liu password cipher a888888
[AR1-aaa]local-user liu service-type telnet
[AR1-aaa]local-user liu privilege level 15
[AR1-aaa]quit
[AR1]user-interface vty 0 4
[AR1-ui-vty0-4]authentication-mode aaa
[AR1-ui-vty0-4]user privilege level 15
[AR1-ui-vty0-4]quit
[AR1]quit
<AR1>
<AR2>sys
Enter system view, return user view with Ctrl+Z.
[AR2]aaa
[AR2-aaa]local-user liu1 password cipher a888888
Info: Add a new user.
[AR2-aaa]local-user liu1 privilege level 15
[AR2-aaa]local-user liu1 service-type telnet
[AR2-aaa]quit
[AR2]user-interface vty 0 4
[AR2-ui-vty0-4]authentication-mode aaa
[AR2-ui-vty0-4]user privilege level 15
[AR2-ui-vty0-4]quit
[AR2]quit
AR1 and AR2 can each reach the other over Telnet.
liu a888888
liu1 a888888
4. Capture packets with Wireshark
A capture on AR1's GE0/0/0 interface shows the username, the password and other information.
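Why the capture shows the credentials, as an added example that is not part of the original post: Telnet carries every keystroke as plain bytes, interleaved only with IAC option negotiation (RFC 854), so stripping those commands from the client-to-server payloads leaves the typed lines. The payload bytes below are constructed for illustration using the lab account from step 3, and the function names are this example's own.

```python
# Added example: decode the client-to-server side of a Telnet session.
IAC, SB, SE = 255, 250, 240            # RFC 854 command bytes
NEGOTIATION = (251, 252, 253, 254)     # WILL, WONT, DO, DONT

def strip_telnet_commands(data: bytes) -> bytes:
    """Drop Telnet IAC sequences and return only the user data bytes."""
    out = bytearray()
    i = 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):
            break                      # truncated command at end of capture
        cmd = data[i + 1]
        if cmd == IAC:                 # IAC IAC is an escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:       # IAC <verb> <option>
            i += 3
        elif cmd == SB:                # skip subnegotiation up to IAC SE
            j = i + 2
            while j + 1 < len(data) and not (data[j] == IAC and data[j + 1] == SE):
                j += 2 if data[j] == IAC else 1
            i = j + 2
        else:                          # other two-byte commands, e.g. NOP
            i += 2
    return bytes(out)

def typed_lines(segments):
    """Join TCP payloads in order and return the lines the user typed."""
    stream = strip_telnet_commands(b"".join(segments))
    text = stream.replace(b"\r\x00", b"\n").replace(b"\r\n", b"\n")
    return [ln.decode("ascii", "replace") for ln in text.split(b"\n") if ln]

# Constructed sample: one keystroke per segment, as a character-mode client sends.
SAMPLE_SEGMENTS = [
    bytes([IAC, 251, 24]),                                # WILL TERMINAL-TYPE
    bytes([IAC, SB, 24, 0]) + b"VT100" + bytes([IAC, SE]),
    b"l", b"i", b"u", b"\r\n",
    b"a", b"8", b"8", b"8", b"8", b"8", b"8", b"\r\x00",
]

if __name__ == "__main__":
    for line in typed_lines(SAMPLE_SEGMENTS):
        print(repr(line))
```

An SSH capture of the same login yields no such lines, because everything after the key exchange travels as ciphertext.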