Configuration procedure, Setting the ssh management parameters – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

294

•

You can set the service type to Stelnet or SFTP. For more information about Stelnet and SFTP, see

"

Overview"

and "Configuring SFTP."

•

You can enable one of the following authentication modes for the SSH user:

{

password—The user must pass password authentication.

{

publickey authentication—The user must pass publickey authentication.

{

password-publickey authentication—As an SSH2.0 user, the user must pass both password
and publickey authentication. As an SSH1 user, the user must pass either password or publickey
authentication.

{

any—The user can use either password authentication or publickey authentication.

•

If publickey authentication, whether with password authentication or not, is used, the command
level accessible to the user is set by the user privilege level command on the user interface. If only

password authentication is used, the command level accessible to the user is authorized by AAA.

•

SSH1 does not support SFTP. For an SSH1 client, you must set the service type to stelnet or all.

•

For an SFTP SSH user, the working folder depends on the authentication method:

{

If only password authentication is used, the working folder is authorized by AAA.

{

If publickey authentication, whether with password authentication or not, is used, the working
folder is set by using the ssh user command.

•

If you change the authentication mode or public key for an SSH user that has been logged in, the
change can take effect only at the next login of the user.

Configuration procedure

To configure an SSH user and specify the service type and authentication method:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an SSH user, and
specify the service type and

authentication method.

•

For Stelnet users:
ssh user username service-type stelnet

authentication-type { password |

{ any | password-publickey |

publickey } assign publickey
keyname }

•

For all users or SFTP users:
ssh user username service-type { all |

sftp } authentication-type { password

| { any | password-publickey |

publickey } assign publickey keyname
work-directory directory-name }

Use either command.

Setting the SSH management parameters

SSH management includes:

•

Enabling the SSH server to be compatible with SSH1 client

•

Setting the RSA server key pair update interval, applicable to users using SSH1 client

•

Setting the SSH user authentication timeout period

•

Setting the maximum number of SSH authentication attempts