尝试通过 vrf 管理界面在 ASR-9K 上启用 ssh。似乎不像常规 IOS 或 NX-OS 那样直接。帮助表示赞赏。
#RP/0/RSP0/CPU0:asr#show run
Tue Apr 4 21:54:55.407 UTC
Building configuration...
!! IOS XR Configuration 5.3.3
!! Last configuration change at Tue Apr 4 17:55:46 2017 by admin
!
hostname asr
domain name cislab.com
username su
password 7 32221112255
!
vrf mgmt
!
line default
transport input ssh
!
ipv4 access-list 10
10 permit ipv4 any any
!
interface MgmtEth0/RSP0/CPU0/0
vrf mgmt
ipv4 address 10.7.0.38 255.255.255.0
!
interface MgmtEth0/RSP0/CPU0/1
shutdown
!
interface GigabitEthernet0/0/0/0
shutdown
!
interface GigabitEthernet0/0/0/1
shutdown
!
interface TenGigE0/0/2/2
shutdown
!
interface TenGigE0/0/2/3
shutdown
!
router static
vrf mgmt
address-family ipv4 unicast
0.0.0.0/0 10.7.0.1
!
!
!
ssh server vrf default
end
RP/0/RSP0/CPU0:asr#
RP/0/RSP0/CPU0:asr#show ssh sess de
Tue Apr 4 22:16:49.281 UTC
SSH version : Cisco-2.0
id key-exchange pubkey incipher outcipher inmac outmac
-------------------------------------------------------------------
Incoming Session
Outgoing connection
RP/0/RSP0/CPU0:asr#show log
RP/0/RSP0/CPU0:asr#show tcp br
Tue Apr 4 22:18:30.424 UTC
PCB VRF-ID Recv-Q Send-Q Local Address Foreign Address State
0x50255d30 0x60000002 0 0 :::22 :::0 LISTEN
0x502554ac 0x00000000 0 0 :::22 :::0 LISTEN
0x50255b60 0x60000002 0 0 0.0.0.0:22 0.0.0.0:0 LISTEN
0x50195484 0x00000000 0 0 0.0.0.0:22 0.0.0.0:0 LISTEN
RP/0/RSP0/CPU0:asr#
RP/0/RSP0/CPU0:asr#show log | incl ssh
Tue Apr 4 22:18:53.668 UTC
RP/0/RSP0/CPU0:Apr 4 17:45:08.766 : SSHD_[65766]: %SECURITY-SSHD-6-INFO_GENERAL : no matching kex found: client ssh-rsa server ssh-dss
RP/0/RSP0/CPU0:Apr 4 17:46:41.377 : SSHD_[65857]: %SECURITY-SSHD-6-INFO_GENERAL : no matching kex found: client ssh-rsa server ssh-dss
RP/0/RSP0/CPU0:Apr 4 17:47:26.352 : SSHD_[65766]: %SECURITY-SSHD-6-INFO_GENERAL : no matching kex found: client ssh-rsa server ssh-dss
RP/0/RSP0/CPU0:asr#