H3C Technologies H3C S3600 Series Switches User Manual
Page 901
1-11
z
For password authentication type, the username argument must be consistent with the valid user
name defined in AAA; for publickey authentication, the username argument is the SSH local user
name, so that there is no need to configure a local user in AAA.
z
If the default authentication type for SSH users is password and local AAA authentication is
adopted, you need not use the ssh user command to create an SSH user. Instead, you can use
the local-user command to create a user name and its password and then set the service type of
the user to SSH.
z
If the default authentication type for SSH users is password and remote authentication (RADIUS
authentication, for example) is adopted, you need not use the ssh user command to create an
SSH user, because it is created on the remote server. And the user can use its username and
password configured on the remote server to access the network.
z
Under the publickey authentication mode, the level of commands available to a logged-in SSH
user can be configured using the user privilege level command on the server, and all the users
with this authentication mode will enjoy this level.
z
Under the password or password-publickey authentication mode, the level of commands
available to a logged-in SSH user is determined by the AAA scheme. Meanwhile, for different users,
the available levels of commands are also different.
z
Under the all authentication mode, the level of commands available to a logged-in SSH user is
determined by the actual authentication method used for the user.
Specifying a Service Type for an SSH User on the Server
At present, the switch supports two service types for SSH: stelnet (secure Telnet) and SFTP.
z
The secure Telnet service is a basic application of SSH protocol. It uses the secure channel of SSH
to provide remote login.
z
The SFTP service is an extended application of SSH protocol. It uses the secure channel of SSH to
perform remote FTP operations.
Follow these steps to specify the service type for an SSH user:
To do...
Use the command...
Remarks
Enter system view
system-view
—
Specify a service type for an
SSH user
ssh user username
service-type { stelnet | sftp |
all }
Required
By default, an SSH user can
use the service type of stelnet.
If the ssh user service-type command is executed with a username that does not exist, the system will
automatically create the SSH user. However, the user cannot log in unless you specify an
authentication type for it.