355
authentication method is password, the command level accessible to the user is authorized by
AAA.
• SSH1 does not support SFTP or SCP. For an SSH1 client, you must set the service type to
stelnet or all.
• For an SFTP SSH user, the working folder depends on the authentication method:
{ If the authentication method is password, the working folder is authorized by AAA.
{ If the authentication method is publickey or password-publickey, the working folder is set
by using the ssh user command.
• If you change the authentication mode or public key for an SSH user that has logged in, the
change takes effect only on the user at next login.
Configuration procedure
To configure an SSH user and specify the service type and authentication method:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Create an SSH user,
and specify the service
type and authentication
method.
• In non-FIPS mode, create an SSH user, and
specify the service type and authentication
method for Stelnet users:
ssh user username service-type stelnet
authentication-type { password | { any |
password-publickey | publickey } assign
{ pki-domain pkiname | publickey
keyname } }
• In FIPS mode, create an SSH user, and
specify the service type and authentication
method for Stelnet users:
ssh user username service-type stelnet
authentication-type { password |
password-publickey assign publickey
keyname }
• In non-FIPS mode, create an SSH user, and
specify the service type and authentication
method for all users, SCP or SFTP users:
ssh user username service-type { all | scp |
sftp } authentication-type { password |
{ any | password-publickey | publickey }
assign { pki-domain pkiname | publickey
keyname } work-directory directory-name }
• In FIPS mode, create an SSH user, and
specify the service type and authentication
method for all users, SCP or SFTP users:
ssh user username service-type { all | sftp }
authentication-type { password |
password-publickey assign publickey
keyname w
ork-directory directory-name }
Use one of the
commands.
Setting the SSH management parameters
The SSH management parameters can be set to improve the security of SSH connections. The SSH
management parameters include:
• Compatibility between the SSH server and SSH1 clients.
• RSA server key pair update interval, applicable to users using SSH1 client.
• SSH user authentication timeout period. This parameter is used to reject a connection if the
authentication for the connection is not completed before the timeout period expires.
To Next Page
Loading...
Need help?
General
