249
CAUTION:
• A user without an SSH account can still pass password authentication and log in to the server, as lon
as the user can pass AAA authentication and the service type is SSH.
• An SSH server supports up to 1024 SSH users.
• SSH1 does not support the service type scp or sftp. If the client uses SSH1 to log in to the server, you mus
set the service type to stelnet or all on the server.
• An SCP or SFTP user's working folder depends on the authentication method. For a user using only
password authentication, the working folder is the AAA authorized one. For a user usin
only publicke
authentication or using both the publickey and password authentication methods, the workin
folder is
the one set by using the ssh user command.
• You can change the authentication method and public key of an SSH user when the user is
communicating with the SSH server, but your chan
es take effect only after the user lo
s out and lo
s in
again.
NOTE:
• With publickey authentication, which commands a user can use after login depends on the user
privilege level, which is configured with the user privilege level command on the user interface.
• With password authentication, which commands a user can use after login depends on AAA
authorization.
Setting the SSH management parameters
SSH management includes:
• Enabling the SSH server to be compatible with SSH1 client
• Setting the RSA server key pair update interval, applicable to users using SSH1 client
• Setting the SSH user authentication timeout period
• Setting the maximum number of SSH authentication attempts
Setting the parameters can help avoid malicious guessing at and cracking of the keys and usernames,
securing your SSH connections.
Follow these steps to set the SSH management parameters:
To do… Use the command…
Remarks
Enter system view system-view —
Enable the SSH server to support
SSH1 clients
ssh server compatible-ssh1x
[ enable ]
Optional
By default, the SSH server supports
SSH1 clients.
This command is not supported in
FIPS mode.
Set the RSA server key pair update
interval
ssh server rekey-interval hours
Optional
0 by default. That is, the RSA server
key pair is not updated.
This command is not supported in
FIPS mode.
To Next Page
Loading...
