
31 Mar 2015

VTY access to Secospace USG6300


Posted in Security

A new box for fun :)


Thanks to my colleagues I have the opportunity to test the Huawei Secospace USG6300.
The rental period is not long, so let's start from the beginning.

Telnet and SSH

Configure the IP address of the firewall's interface and assign the interface to the trust zone:


[USG6300]interface GigabitEthernet 0/0/7
[USG6300-GigabitEthernet0/0/7]ip address 172.16.1.1 24
[USG6300]firewall zone trust
[USG6300-zone-trust]add interface GigabitEthernet 0/0/7

Enable telnet and SSH services on that interface:


[USG6300]interface GigabitEthernet 0/0/7
[USG6300-GigabitEthernet0/0/7]service-manage telnet permit
[USG6300-GigabitEthernet0/0/7]service-manage ssh permit

Create local users for telnet and SSH access:


[USG6300]aaa
[USG6300-aaa]manager-user vty_labnario
[USG6300-aaa-manager-user-vty_labnario]password cipher Labnario123
[USG6300-aaa-manager-user-vty_labnario]service-type telnet
[USG6300-aaa-manager-user-vty_labnario]level 15
#
manager-user ssh_labnario
password cipher %@%@*;-$=&1LSK4n^9Tn)Ny!H,#w3&0~LrT%*W@gFyXV4LT,"2)$%@%@
service-type ssh
level 15
ftp-directory hda1:
ssh authentication-type password
ssh service-type stelnet
#

Set the authentication method for the VTY interfaces:


[USG6300]user-interface vty 0 4
[USG6300-ui-vty0-4]authentication-mode aaa

Enable the servers for the configured services:


[USG6300]telnet server enable
[USG6300]stelnet server enable


To complete the SSH configuration, create an RSA key pair:


[USG6300]rsa local-key-pair create
12:06:32 2015/03/31
The key name will be: USG6300_Host
The range of public key size is (512 ~ 2048).
NOTES: A key shorter than 2048 bits may cause security risks.
The generation of a key longer than 512 bits may take several minutes.
Input the bits in the modulus[default = 2048]:
Generating keys...
.+++
.............+++
.............++++++++
.............++++++++
[USG6300]

Let's verify access to the device, first over telnet and then over SSH:

***********************************************************
*                All rights reserved 2014                 *
*       Without the owner's prior written consent,        *
* no decompiling or reverse-engineering shall be allowed. *
* Notice:                                                 *
*         This is a private communication system.         *
*   Unauthorized access or use may lead to prosecution.   *
***********************************************************
Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.
Login authentication

Username:vty_labnario
Password:
Note: The max number of VTY users is 5, and the current number
of VTY users on line is 1.
NOTICE:This is a private communication system.
Unauthorized access or use may lead to prosecution.
<USG6300>
First time login or password is overtime, Please change your password.
Please input new password:**********
Please confirm new password:**********
Note: The max number of VTY users is 5, and the current number
of VTY users on line is 1.
NOTICE:This is a private communication system.
Unauthorized access or use may lead to prosecution.
<USG6300>


login as: ssh_labnario


ssh_labnario@172.16.1.1's password:
***********************************************************
*                All rights reserved 2014                 *
*       Without the owner's prior written consent,        *
* no decompiling or reverse-engineering shall be allowed. *
* Notice:                                                 *
*         This is a private communication system.         *
*   Unauthorized access or use may lead to prosecution.   *
***********************************************************
Note: The max number of VTY users is 5, and the current number
of VTY users on line is 1.
---------------------------------------------------------------------------
User last login information:
---------------------------------------------------------------------------
Access Type: SSH
IP-Address : 172.16.1.10
Time       : 2015-03-31 12:08:16 +01:00
State      : Login Succeeded
---------------------------------------------------------------------------
<USG6300>
Note: The max number of VTY users is 5, and the current number
of VTY users on line is 1.
NOTICE:This is a private communication system.
Unauthorized access or use may lead to prosecution.
<USG6300>

As you can see, the password must be changed after the first login. You can disable this password modification with the command:
[USG6300-aaa]undo manager-user password-modify enable
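
The login banner above warns that telnet is not a secure protocol, yet the steps in this section leave it allowed in three places: on the interface, on a manager account, and as a global server. The following Python script is an added example, not part of the original post; it scans configuration text for exactly those three settings. The sample configuration is constructed from the commands on this page, and its saved-configuration layout is an assumption.

```python
import re
# Constructed sample assembled from the commands shown on this page; the exact
# layout of a real saved configuration is an assumption.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/7
 ip address 172.16.1.1 255.255.255.0
 service-manage telnet permit
 service-manage ssh permit
#
aaa
 manager-user vty_labnario
  service-type telnet
  level 15
 manager-user ssh_labnario
  service-type ssh
#
user-interface vty 0 4
 authentication-mode aaa
#
telnet server enable
stelnet server enable
"""

# Lines that open a new configuration context.
CONTEXT = re.compile(r"^(interface|manager-user|user-interface)\s+(.+)$")

def audit_telnet_exposure(config_text):
    """Return (context, finding) tuples for every place telnet is allowed."""
    findings, context = [], "global"
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0] == "#":
            if tokens:
                context = "global"  # '#' closes the current section
            continue
        line = " ".join(tokens)  # normalise indentation and spacing
        if CONTEXT.match(line):
            context = line
        elif line == "telnet server enable":
            findings.append(("global", "telnet server enabled"))
        elif line == "service-manage telnet permit":
            findings.append((context, "telnet permitted on interface"))
        elif tokens[0] == "service-type" and "telnet" in tokens[1:]:
            findings.append((context, "account may log in over telnet"))
    return findings

if __name__ == "__main__":
    for where, what in audit_telnet_exposure(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```

An empty result means none of the three telnet settings from this page is present in the scanned text.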

SFTP
As secure FTP is related to SSH, let's finish this article with the SFTP configuration:
#
manager-user sftp_lab
password cipher %@%@!siuS<f},>]>IM,2!|,#K!ul&;<u1g4:%'e8[NIfPZF@*'{v%@%@
service-type ssh
level 15
ftp-directory hda1:
ssh authentication-type password
ssh service-type sftp
#
[USG6300]sftp server enable
Info: Succeeded in starting the SFTP server.

To verify, we can use the PSFTP client:


psftp> open 172.16.1.1
login as: sftp_lab
Using username "sftp_lab".
sftp_lab@172.16.1.1's password:
Remote working directory is /
psftp>

Tags: telnet, SSH, SFTP, Huawei firewall, USG6300, Secospace USG6300

- Copyright 2014 Labnario