Configuring the SSH Server 393
remote server. And the user can use its username and password configured on
the remote server to access the network.
■ Both publickey and rsa indicate public key authentication. They are
implemented with the same method.
■ Under the publickey authentication mode, the level of commands available to
a logged-in SSH user can be configured using the user privilege level
command on the server, and all the users with this authentication mode will
enjoy this level.
■ Under the password or password-publickey authentication mode, the level
of commands available to a logged-in SSH user is determined by the AAA
scheme. Meanwhile, for different users, the available levels of commands are
also different.
■ Under the all authentication mode, the level of commands available to a
logged-in SSH user is determined by the actual authentication method used for
the user.
Specifying a Service
Type for an SSH User
c
CAUTION: If the ssh user service-type command is executed with a username
that does not exist, the system will automatically create the SSH user. However,
the user cannot log in unless you specify an authentication type for it.
Configuring SSH
Management
The SSH server provides a number of management functions that prevent illegal
operations such as malicious password guess, to further guarantee the security of
SSH connections.
c
CAUTION:
■ You can configure a login header only when the service type is stelnet. For
configuration of service types, see
“Specifying a Service Type for an SSH User”.
Tab le 305 Specify the service type of an SSH user:
Operation Command Remarks
Enter system view system-view -
Specify a service type for an
SSH user
ssh user username
service-type { stelnet | sftp |
all }
Required
stelnet by default
Tab le 306 Configure SSH management
Operation Command Description
Enter system view system-view -
Set SSH authentication
timeout time
ssh server timeout seconds Optional
By default, the timeout time is
60 seconds.
Set SSH authentication retry
times
ssh server
authentication-retries times
Optional
By default, the number of
retry times is 3.
Configure a login header header shell text Optional
By default, no login header is
configured.
To Next Page
Loading...
