H3C Technologies H3C S3600 Series Switches User Manual

• For password authentication type, the username argument must be consistent with the valid user name defined in AAA; for publickey authentication, the username argument is the SSH local user name, so that there is no need to configure a local user in AAA.

• If the default authentication type for SSH users is password and local AAA authentication is adopted, you need not use the ssh user command to create an SSH user. Instead, you can use the local-user command to create a user name and its password and then set the service type of the user to SSH.

• If the default authentication type for SSH users is password and remote authentication (RADIUS authentication, for example) is adopted, you need not use the ssh user command to create an SSH user, because it is created on the remote server. And the user can use its username and password configured on the remote server to access the network.

• Under the publickey authentication mode, the level of commands available to a logged-in SSH user can be configured using the user privilege level command on the server, and all the users with this authentication mode will enjoy this level.

• Under the password or password-publickey authentication mode, the level of commands available to a logged-in SSH user is determined by the AAA scheme. Meanwhile, for different users, the available levels of commands are also different.

• Under the all authentication mode, the level of commands available to a logged-in SSH user is determined by the actual authentication method used for the user.

Specifying a Service Type for an SSH User on the Server

At present, the switch supports two service types for SSH: stelnet (secure Telnet) and SFTP.

• The secure Telnet service is a basic application of SSH protocol. It uses the secure channel of SSH to provide remote login.

• The SFTP service is an extended application of SSH protocol. It uses the secure channel of SSH to perform remote FTP operations.

Follow these steps to specify the service type for an SSH user:

To do...                                Use the command...                                       Remarks
Enter system view                       system-view                                              -
Specify a service type for an SSH user  ssh user username service-type { stelnet | sftp | all }  Required. By default, an SSH user can use the service type of stelnet.

If the ssh user service-type command is executed with a username that does not exist, the system will automatically create the SSH user. However, the user cannot log in unless you specify an authentication type for it.
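
The audit below is an added example, not part of the H3C manual: it reads saved configuration lines and reports, for each SSH user, the effective service type, where the command level comes from under the rules above, and users that have a service type but no authentication type. The sample lines are constructed; the per-user "ssh user <name> authentication-type <mode>" line form is an assumption (this page does not show it), and a switch-wide default authentication type is not considered.

```python
import re

# Constructed sample of saved-configuration lines (not taken from the manual).
# The "authentication-type" line form is an assumption; this page does not show it.
SAMPLE_CONFIG = """\
ssh user admin01 authentication-type publickey
ssh user admin01 service-type stelnet
ssh user backup01 service-type sftp
ssh user ops01 authentication-type password
ssh user ops02 authentication-type all
ssh user ops02 service-type all
"""

# Where the command level comes from for each authentication mode, per the notes above.
LEVEL_SOURCE = {
    "publickey": "user privilege level command on the server (shared by all publickey users)",
    "password": "AAA scheme",
    "password-publickey": "AAA scheme",
    "all": "authentication method actually used at login",
}
LINE_RE = re.compile(r"^\s*ssh user (\S+) (authentication-type|service-type) (\S+)\s*$")

def audit_ssh_users(config_text):
    """Return {username: settings} with review findings for each SSH user."""
    users = {}
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            name, key, value = m.groups()
            users.setdefault(name, {})[key] = value
    report = {}
    for name, cfg in users.items():
        auth = cfg.get("authentication-type")
        service = cfg.get("service-type", "stelnet")  # stelnet is the default service type
        findings = []
        if auth is None:
            findings.append("no authentication type: user exists but cannot log in")
        if service in ("sftp", "all"):
            findings.append("file transfer enabled (service-type %s)" % service)
        report[name] = {"auth": auth, "service": service,
                        "level_source": LEVEL_SOURCE.get(auth),
                        "findings": findings}
    return report

if __name__ == "__main__":
    for user, row in audit_ssh_users(SAMPLE_CONFIG).items():
        print(user, row)
```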
