H3C Technologies H3C S3600 Series Switches User Manual

• Password authentication

SSH uses the authentication function of AAA to authenticate the password of the user that is logging in. Based on the AAA authentication scheme, password authentication can be done locally or remotely. For local authentication, the SSH server saves the user information and implements the authentication. For remote authentication, the user information is saved on an authentication server (such as a RADIUS server) and authentication is implemented through the cooperation of the SSH server and the authentication server. For AAA details, refer to AAA Operation.

• Publickey authentication

Publickey authentication provides more secure SSH connections than password authentication does. At present, the device supports RSA and DSA for publickey authentication. After configuration, authentication is implemented automatically without asking you to enter the password. In this mode, you need to create a key pair on each client, and configure each client's public key on the server. This may be complicated when multiple SSH clients want to access one SSH server in the network.

• Password-publickey authentication

An SSH user must pass both types of authentication before logging in. In this mode, you do not need to create a key pair on each client. You can configure the clients to use the same key pair that is created on one client for publickey authentication. With the AAA function in password authentication, the level of commands available to a logged-in SSH user is determined by the AAA scheme.

Follow these steps to configure an SSH user and specify an authentication type for the user:

To do...                         Use the command...                    Remarks
-------------------------------  ------------------------------------  ----------------------------------------
Enter system view                system-view

Specify the default              ssh authentication-type default       Use either command.
authentication type for all SSH  { all | password |                    By default, no SSH user is created and
users                            password-publickey | publickey }      no authentication type is specified.
                                 ssh user username                     Note that: If both commands are used and
                                                                       different authentication types are
Create an SSH user, and specify  ssh user username                     specified, the authentication type
an authentication type for it    authentication-type { all |           specified with the ssh user
                                 password | password-publickey |       authentication-type command takes
                                 publickey }                           precedence.
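
The precedence rule in the Remarks column can be checked offline against a saved configuration, to list which SSH users end up with an authentication type that does not require a public key. The Python below is an added example, not code from the H3C manual; the sample configuration, user names and function names are constructed. It assumes the default type applies to every user without its own type regardless of command order, and that `all` does not force use of a public key.

```python
import re

# Constructed sample configuration; the user names are hypothetical.
SAMPLE_CONFIG = """\
ssh authentication-type default password-publickey
ssh user admin01
ssh user backup01 authentication-type password
ssh user ops01 authentication-type publickey
ssh user legacy01 authentication-type all
"""

AUTH_TYPES = {"all", "password", "password-publickey", "publickey"}
# Types that always require the client's key pair. Treating "all" as not
# requiring one is an assumption; this page does not define "all".
KEY_REQUIRED = {"publickey", "password-publickey"}

DEFAULT_RE = re.compile(r"^ssh authentication-type default (\S+)$")
USER_RE = re.compile(r"^ssh user (\S+)(?: authentication-type (\S+))?$")


def _check(auth_type):
    if auth_type not in AUTH_TYPES:
        raise ValueError(f"unknown authentication type: {auth_type}")
    return auth_type


def effective_auth_types(config_text):
    """Map each SSH user to its effective type (None if none was specified)."""
    default, users = None, {}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if m := DEFAULT_RE.match(line):
            default = _check(m.group(1))
        elif m := USER_RE.match(line):
            name, auth = m.groups()
            # Assumption: a bare "ssh user NAME" does not clear an explicit type.
            users[name] = _check(auth) if auth else users.get(name)
    # The per-user type takes precedence; otherwise the default applies.
    return {name: auth or default for name, auth in users.items()}


def users_without_key_requirement(config_text):
    """Users whose effective type is unspecified or does not demand a key."""
    effective = effective_auth_types(config_text)
    return sorted(u for u, t in effective.items() if t not in KEY_REQUIRED)
```

For the constructed sample, `users_without_key_requirement(SAMPLE_CONFIG)` reports `backup01` and `legacy01`, whose per-user types override the stricter default.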
