On the SSH server, run the display rsa local-key-pair public command to check whether the
key pair is configured on the current server. if the key pair is not configured, run the rsa local-
key-pair create command to create it.
[Huawei] rsa local-key-pair create
The key name will be: Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]: 768
Generating keys...
...........................++++++++
.++++++++
...............+++++++++
......+++++++++
Step 5 (Optional) Check whether an SSH user is configured on the SSH server.
An SSH user should be configured on the SSH server. Run the display ssh user-information
command to view the configuration of the SSH user. If no SSH user is configured, run the local-
user user-name password { simple | cipher } password and local-user service-type ssh
commands in the AAA view to create an SSH user.
NOTE
If the SFTP service is enabled, run the local-user user-name ftp-directory directory command in the
AAA view to configure the SFTP directory for the SSH user.
l Create an SSH user.
[Huawei] aaa
[Huawei] local-user abc password simple abc-pass
[Huawei] local-user abc service-type ssh
[Huawei] local-user abc ftp-directory cfcard:/ssh
l The default authentication mode of the SSH user is password. To change the authentication
mode, run the ssh user authentication-type command.
Step 6 Check whether the number of SSH login users has reached the maximum.
For the STelnet and Telnet services, both STelnet users and Telnet users log in to the server
through VTY channels. The number of available VTY channels ranges from 5 to 15. When the
number of users attempt to log in to the server through VTY channels is greater than 15, the new
connection cannot be established between the user and the server.
Log in to the SSH server through a console interface and run the display users command to
check whether all the current VTY channels are used. By default, a maximum of 5 users can log
in to the server through VTY channels.
<Huawei> display user-interface maximum-vty
Maximum of VTY user:5
<Huawei> display users
User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag
34 VTY 0 03:31:35 TEL 10.1.1.1 pass no
Username : Unspecified
35 VTY 1 03:51:58 TEL 10.1.1.2 pass no
Username : Unspecified
36 VTY 2 00:10:14 TEL 10.1.1.3 pass no
Username : Unspecified
37 VTY 3 02:31:58 TEL 10.1.1.4 pass no
Username : Unspecified
+ 39 VTY 5 00:00:00 TEL 10.1.1.5 pass no
Username : Unspecified
If the number of users logging in to the server reaches the upper threshold, you can run the user-
interface maximum-vty vty-number command to increase the maximum number of users
allowed to log in to the server through VTY channels to 15.
Huawei AR2200-S Series Enterprise Routers
Troubleshooting 2 System
Issue 01 (2012-01-06) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
15
To Next Page
Loading...
