Verifying the configuration, Network requirements, Configuration procedure – H3C Technologies H3C S12500-X Series Switches User Manual
# Enable the SSH service.
[Switch] ssh server enable
# Enable scheme authentication for user lines VTY 0 through VTY 63.
[Switch] line vty 0 63
[Switch-line-vty0-63] authentication-mode scheme
[Switch-line-vty0-63] quit
# Enable the default user role feature to assign authenticated SSH users the default user role network-operator.
[Switch] role default-role enable
Verifying the configuration
When the user initiates an SSH connection to the switch and enters the correct username and password,
the user successfully logs in and can use the commands for the network-operator user role.
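The three settings above can also be checked offline against a saved configuration. The following is an added example, not part of the H3C manual: the sample configuration text is constructed, and the function names and the assumed layout (sub-commands indented under their `line vty` view, views separated by `#`) are assumptions of this example.

```python
import re

# Constructed sample in the style of saved switch configuration text
# (assumed layout: sub-commands indented, views separated by "#").
SAMPLE_CONFIG = """\
#
 ssh server enable
#
 role default-role enable
#
line vty 0 15
 authentication-mode scheme
#
line vty 16 63
 authentication-mode password
#
"""

def parse_vty_modes(config):
    """Map each VTY line number to its authentication-mode (None if unset)."""
    modes, current = {}, []
    for raw in config.splitlines():
        view = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if view:
            first = int(view.group(1))
            last = int(view.group(2) or first)
            current = list(range(first, last + 1))
            for n in current:
                modes.setdefault(n, None)
        elif raw.startswith(" ") and current:
            mode = re.match(r"\s+authentication-mode (\S+)", raw)
            if mode:
                for n in current:
                    modes[n] = mode.group(1)
        else:
            current = []  # "#" or any unindented line ends the view
    return modes

def audit(config, first=0, last=63):
    """Report missing global commands and VTY lines not set to scheme."""
    present = {line.strip() for line in config.splitlines()}
    required = ("ssh server enable", "role default-role enable")
    modes = parse_vty_modes(config)
    return {
        "missing": [cmd for cmd in required if cmd not in present],
        "vty_not_scheme": [n for n in range(first, last + 1)
                           if modes.get(n) != "scheme"],
    }
```

Run against the constructed sample, `audit(SAMPLE_CONFIG)` reports VTY 16 through 63 because that range uses password authentication instead of scheme.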
Local authentication, HWTACACS authorization, and RADIUS accounting for SSH users
Network requirements
As shown in Figure 12, configure the switch to perform local authentication for SSH servers, use the
HWTACACS server and RADIUS server for SSH user authorization and accounting respectively, and
assign the default user role network-operator to SSH users after they pass authentication.
Configure an account with the username hello for the SSH user. Configure the shared keys for secure
communication with the HWTACACS server and RADIUS server to expert. Configure the switch to
remove domain names from usernames sent to the servers.
Figure 12 Network diagram
Configuration procedure
1. Configure the HWTACACS server. (Details not shown.)
2. Configure the RADIUS server. (Details not shown.)
3. Configure the switch: