Configuration procedure, Setting the ssh management parameters – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 308

294
•
You can set the service type to Stelnet or SFTP. For more information about Stelnet and SFTP, see
and "Configuring SFTP."
•
You can enable one of the following authentication modes for the SSH user:
{
password—The user must pass password authentication.
{
publickey authentication—The user must pass publickey authentication.
{
password-publickey authentication—As an SSH2.0 user, the user must pass both password
and publickey authentication. As an SSH1 user, the user must pass either password or publickey
authentication.
{
any—The user can use either password authentication or publickey authentication.
•
If publickey authentication, whether with password authentication or not, is used, the command
level accessible to the user is set by the user privilege level command on the user interface. If only
password authentication is used, the command level accessible to the user is authorized by AAA.
•
SSH1 does not support SFTP. For an SSH1 client, you must set the service type to stelnet or all.
•
For an SFTP SSH user, the working folder depends on the authentication method:
{
If only password authentication is used, the working folder is authorized by AAA.
{
If publickey authentication, whether with password authentication or not, is used, the working
folder is set by using the ssh user command.
•
If you change the authentication mode or public key for an SSH user that has been logged in, the
change can take effect only at the next login of the user.
Configuration procedure
To configure an SSH user and specify the service type and authentication method:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Create an SSH user, and
specify the service type and
authentication method.
•
For Stelnet users:
ssh user username service-type stelnet
authentication-type { password |
{ any | password-publickey |
publickey } assign publickey
keyname }
•
For all users or SFTP users:
ssh user username service-type { all |
sftp } authentication-type { password
| { any | password-publickey |
publickey } assign publickey keyname
work-directory directory-name }
Use either command.
Setting the SSH management parameters
SSH management includes:
•
Enabling the SSH server to be compatible with SSH1 client
•
Setting the RSA server key pair update interval, applicable to users using SSH1 client
•
Setting the SSH user authentication timeout period
•
Setting the maximum number of SSH authentication attempts
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000