beautypg.com

Configuring the ssh management functions – H3C Technologies H3C S3600 Series Switches User Manual

Page 897

background image

1-7

To do...

Use the command...

Remarks

Configure the authentication
mode as scheme

authentication-mode scheme
[ command-authorization ]

Required

By default, the user interface
authentication mode is
password.

Specify the supported
protocol(s)

protocol inbound { all |ssh }

Optional

By default, both Telnet and
SSH are supported.

z

If you have configured a user interface to support SSH protocol, you must configure AAA

authentication for the user interface by using the authentication-mode scheme command to

ensure successful login.

z

On a user interface, if the authentication-mode password or authentication-mode none

command has been executed, the protocol inbound ssh command is not available. Similarly, if

the protocol inbound ssh command has been executed, the authentication-mode password

and authentication-mode none commands are not available.

Configuring the SSH Management Functions

The SSH server provides a number of management functions to prevent illegal operations such as

malicious password guess, guaranteeing the security of SSH connections. You can specify the IP

address or the interface corresponding to the IP address for the SSH server to provide SSH access

services for clients. In this way, the SSH client accesses the SSH server only using the specified IP

address. This increases the service manageability when the SSH server has multiple interfaces and IP

addresses.

Follow these steps to configure SSH management functions:

To do...

Use the command...

Remarks

Enter system view

system-view

Set the SSH authentication
timeout time

ssh server timeout seconds

Optional

By default, the SSH
authentication timeout time is 60
seconds.

Set the number of SSH
authentication retry attempts

ssh server
authentication-retries times

Optional

By default, the number of SSH
authentication retry attempts is 3.

Set the RSA server key update
interval

ssh server rekey-interval
hours

Optional

By default, the system does not
update the RSA server keys.

Configure a login header

header shell text

Optional

By default, no login header is
configured.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: