29. Security analysis of Telnet remote access

Published: 2023-08-21 14:14:23 Author: 五杀摇滚小拉夫

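With the Telnet remote access protocol, capturing the traffic with Wireshark reveals the username and password, which shows that sending them across the network is risky. With the SSH remote access protocol, the captured packets are shown encrypted. For routine remote access to network devices, SSH is therefore the more secure choice.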

1. Build the virtual test environment; the topology is as follows:

2. Router configuration

AR1 is configured as follows:

<Huawei>
Aug 21 2023 12:42:34-08:00 Huawei %%01IFPDT/4/IF_STATE(l)[0]:Interface GigabitEt
hernet0/0/0 has turned into UP state.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR1
[AR1]inter
[AR1]interface G
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 192.168.10.1 24
Aug 21 2023 12:43:13-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[AR1-GigabitEthernet0/0/0]quit
[AR1]quit
<AR1>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait.......
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
<AR1>ping 192.168.10.2
PING 192.168.10.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.10.2: bytes=56 Sequence=1 ttl=255 time=140 ms
Reply from 192.168.10.2: bytes=56 Sequence=2 ttl=255 time=80 ms
Reply from 192.168.10.2: bytes=56 Sequence=3 ttl=255 time=70 ms
Reply from 192.168.10.2: bytes=56 Sequence=4 ttl=255 time=70 ms
Reply from 192.168.10.2: bytes=56 Sequence=5 ttl=255 time=50 ms

--- 192.168.10.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/82/140 ms

<AR1>

AR2 is configured as follows:

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR2
[AR2]iner    
[AR2]inter    
[AR2]interface G    
[AR2]interface GigabitEthernet 0/0/0
[AR2-GigabitEthernet0/0/0]ip address 192.168.10.2 24
Aug 21 2023 12:44:19-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
 on the interface GigabitEthernet0/0/0 has entered the UP state. 
[AR2-GigabitEthernet0/0/0]quit
[AR2]quit
<AR2>save
  The current configuration will be written to the device. 
  Are you sure to continue? (y/n)[n]:Y
  It will take several minutes to save configuration file, please wait........
  Configuration file had been saved successfully
  Note: The configuration file will take effect after being activated
<AR2>

AR1 can ping AR2 successfully.

3. Configure the Telnet service on the routers

[AR1]aaa
[AR1-aaa]local-user liu password cipher a888888
[AR1-aaa]local-user liu service-type telnet 
[AR1-aaa]local-user liu privilege level 15
[AR1-aaa]quit
[AR1]user-interface vty 0 4 
[AR1-ui-vty0-4]authentication-mode aaa
[AR1-ui-vty0-4]user privilege level 15
[AR1-ui-vty0-4]quit
[AR1]quit
<AR1>
<AR2>sys
Enter system view, return user view with Ctrl+Z.
[AR2]aaa 
[AR2-aaa]local-user liu1 password cipher a888888
Info: Add a new user.  
[AR2-aaa]local-user liu1 privilege level 15
[AR2-aaa]local-user liu1 service-type telnet
[AR2-aaa]quit
[AR2]user-interface vty 0 4
[AR2-ui-vty0-4]authentication-mode aaa
[AR2-ui-vty0-4]user privilege level 15
[AR2-ui-vty0-4]quit
[AR2]quit

AR1 and AR2 can each reach the other over Telnet.

liu a888888
liu1 a888888

4. Capture packets with Wireshark

Capturing packets on AR1 GE0/0/0 shows the username, password and other information.
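An added example, not part of the original post: a Python check that reads a VRP-style configuration and reports where cleartext Telnet login is still allowed, so the settings from section 3 can be found and moved to SSH. The sample configuration is constructed to mirror AR1 (the cipher string is a placeholder), and the function name and the `default_inbound` parameter are assumptions of this example.

```python
import re

# Constructed excerpt in the style of `display current-configuration`,
# modelled on the AR1 settings in section 3 (cipher value is a placeholder).
SAMPLE_CONFIG = """\
sysname AR1
aaa
 local-user liu password cipher %$%$PLACEHOLDER%$%$
 local-user liu privilege level 15
 local-user liu service-type telnet
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 15
"""

def audit_telnet_exposure(config, default_inbound="telnet"):
    """Return findings for cleartext-login exposure in a VRP-style config.

    default_inbound is an assumption: the protocol a VTY accepts when it has
    no `protocol inbound` line (the routers on this page accepted Telnet).
    """
    findings = []
    vty = None       # name of the VTY block currently being read, if any
    inbound = {}     # VTY block name -> inbound protocol in effect
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # unindented line opens a new section
            vty = None
            m = re.match(r"user-interface (vty \d+(?: \d+)?)$", line)
            if m:
                vty = m.group(1)
                inbound[vty] = default_inbound
            continue
        m = re.match(r"local-user (\S+) service-type (.+)$", line)
        if m and "telnet" in m.group(2).split():
            findings.append(f"user {m.group(1)}: service-type allows telnet")
        m = re.match(r"protocol inbound (\S+)$", line)
        if m and vty:
            inbound[vty] = m.group(1)
    for name, proto in inbound.items():
        if proto in ("telnet", "all"):
            findings.append(f"{name}: inbound protocol {proto} accepts telnet")
    return findings

if __name__ == "__main__":
    for finding in audit_telnet_exposure(SAMPLE_CONFIG):
        print(finding)
```

A configuration whose users have `service-type ssh` and whose VTY block carries `protocol inbound ssh` produces no findings.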