Operation Manual - SSH Terminal Services
Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1
SSH Terminal Services
Huawei Technologies Proprietary
1-7
Caution:
z If RSA authentication type is defined, then the RSA public key of the client user must
be configured on the switch.
z By default, no authentication type is specified for a new user, so they cannot access
the switch.
z For the password-publickey authentication type: SSHv1 client users can access
the switch as long as they pass one of the two authentications. SSHv2 client users
can access the switch only when they pass both the authentications.
z For the password authentication, username should be consistent with the effective
user name defined in AAA; for the RSA authentication, username is the SSH local
user name, so that there is no need to configure a local user in AAA.
IV. Configuring server SSH attributes
Configuring server SSH authentication timeout time, retry times, server keys update
interval and SSH compatible mode can effectively assure security of SSH connections
by avoiding illegal actions such as malicious password guessing.
Table 1-5 Configure server SSH attributes
Operation Command Description
Enter system view
system-view
—
Set SSH
authentication
timeout time
ssh server timeout seconds
Optional
The timeout time
defaults to 60
seconds.
Set SSH
authentication retry
times
ssh server authentication-retries
times
Optional
The retry times
defaults to 3.
Set server keys
update interval
ssh server rekey-interval
Optional
By default, the
system does not
update server keys.
Set SSH server
compatible with
SSHv1.x client
ssh server compatible-ssh1x
enable
Optional
By default, SSH
server is compatible
with SSHv1.x client.
To Next Page
Loading...
