5.4.3 Configuring SSH for the VTY User Interface
For users to log in to the device using STelnet, VTY user interfaces must be configured to support
SSH.
Context
By default, user interfaces support Telnet. A user interface must be configured to support SSH
for users to log in to the device using STelnet.
NOTE
A VTY user interface configured to support SSH must also be configured with AAA authentication.
Otherwise, the protocol inbound ssh command cannot be configured.
Do as follows on the router that serves as an SSH server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
user-interface [ vty ] first-ui-number [ last-ui-number ]
The VTY user interface is displayed.
Step 3 Run:
authentication-mode aaa
The AAA authentication mode is configured.
Step 4 Run:
protocol inbound ssh
The VTY user interface is configured to support SSH.
----End
5.4.4 Configuring an SSH User and Specifying STelnet as One of
Service Types
To allow a user to log in to the router by using STelnet, you must configure an SSH user,
configure the router to generate a local RSA key pair, configure a user authentication mode, and
specify a service type for the SSH user.
Context
l SSH users can be authenticated in four modes: RSA, password, password-rsa, and all. You
must create a local user with the specified user name in the AAA view.
l Configuring the router to generate a local RSA key pair is a key step for SSH login. If an
SSH user logs in to an SSH server in password authentication mode, configure the server
to generate a local RSA key pair. If an SSH user logs in to an SSH server in RSA
Huawei AR1200 Series Enterprise Routers
Configuration Guide - Basic Configuration 5 Configuring User Login
Issue 04 (2012-05-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
87
To Next Page
Loading...
