Configuration procedure, Setting the ssh management parameters – H3C Technologies H3C S6300 Series Switches User Manual
• When the device operates in FIPS mode as an SSH server, the device does not support the authentication method of any or publickey.
For information about configuring local users and remote authentication, see "
."
Configuration procedure
To configure an SSH user, and specify the service type and authentication method:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create an SSH user, and specify the service type and authentication method.
  Command:
  • In non-FIPS mode:
    ssh user username service-type { all | netconf | scp | sftp | stelnet } authentication-type { password | { any | password-publickey | publickey } assign { pki-domain domain-name | publickey keyname } }
  • In FIPS mode:
    ssh user username service-type { all | netconf | scp | sftp | stelnet } authentication-type { password | password-publickey assign { pki-domain domain-name | publickey keyname } }
  Remarks: The netconf keyword is available in Release 2311P04 and later versions.

Setting the SSH management parameters
Setting the SSH management parameters improves the security of SSH connections.
To set the SSH management parameters:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enable the SSH server to support SSH1 clients.
  Command: ssh server compatible-ssh1x enable
  Remarks: By default, the SSH server supports SSH1 clients. This command is not available in FIPS mode.

Step 3. Set the RSA server key pair update interval.
  Command: ssh server rekey-interval hours
  Remarks: By default, the RSA server key pair is not updated. This command takes effect only on SSH1 clients. This command is not available in FIPS mode.

Step 4. Set the SSH user authentication timeout period.
  Command: ssh server authentication-timeout time-out-value
  Remarks: The default setting is 60 seconds. If a user does not finish the authentication when the timeout timer expires, the connection cannot be established.
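
The FIPS-mode restrictions stated in the two procedures above can be checked before a set of commands is applied. The following Python sketch is an added example, not H3C code: it parses ssh user lines against the syntax shown on this page and flags the commands the page marks as unavailable in FIPS mode. The function names and the user, key and domain names in the sample are constructed for illustration.

```python
import re

SERVICES = {"all", "netconf", "scp", "sftp", "stelnet"}
KEYED = {"any", "password-publickey", "publickey"}   # types that take "assign"
FIPS_AUTH = {"password", "password-publickey"}       # types in the FIPS syntax
# Commands the page marks "not available in FIPS mode".
NON_FIPS_ONLY = ("ssh server compatible-ssh1x", "ssh server rekey-interval")

SSH_USER = re.compile(
    r"^ssh user (?P<user>\S+) service-type (?P<svc>\S+) "
    r"authentication-type (?P<auth>\S+)"
    r"(?: assign (?P<kind>pki-domain|publickey) (?P<name>\S+))?$"
)

def check_line(line, fips):
    """Return the findings for one command line (empty list if none)."""
    line = " ".join(line.split())
    if line.startswith(NON_FIPS_ONLY):
        return ["not available in FIPS mode"] if fips else []
    if not line.startswith("ssh user "):
        return []
    m = SSH_USER.match(line)
    if m is None:
        return ["does not match the ssh user syntax"]
    findings = []
    if m["svc"] not in SERVICES:
        findings.append("unknown service type " + m["svc"])
    auth, has_key = m["auth"], m["kind"] is not None
    if auth not in KEYED | {"password"}:
        findings.append("unknown authentication type " + auth)
    elif (auth in KEYED) != has_key:
        findings.append("assign clause is required for, and only for, keyed types")
    if fips and auth in KEYED - FIPS_AUTH:
        findings.append(auth + " authentication is not supported in FIPS mode")
    return findings

def audit(config, fips):
    """Map each offending line of a command list to its findings."""
    checked = ((raw.strip(), check_line(raw, fips)) for raw in config.splitlines())
    return {line: found for line, found in checked if found}

# Constructed sample commands (user, key and domain names are made up).
SAMPLE = """\
ssh user admin1 service-type stelnet authentication-type password
ssh user backup service-type sftp authentication-type publickey assign publickey backupkey
ssh user ops service-type all authentication-type password-publickey assign pki-domain dom1
ssh server compatible-ssh1x enable
ssh server authentication-timeout 60
"""
```

Calling audit(SAMPLE, fips=True) reports the publickey user and the SSH1 compatibility command; with fips=False the same sample produces no findings.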