Configuring authentication mode – H3C Technologies H3C SecPath F1000-E User Manual
Page 260
8
Configuring Supported Protocols on VTY User
Interfaces
Follow these steps to configure supported protocols on the active VTY user interface:
To do…
Use the command…
Remarks
Enter system view
system-view
––
Enter VTY user interface view
user-interface { first-num1
[ last-num1 ] | vty first-num2
[ last-num2 ] }
––
Configure the supported protocols
on the current user interface
protocol inbound { all | ssh |
telnet }
Optional
By default, both telnet and SSH are
supported.
NOTE:
•
If SSH is configured, you must set the authentication mode to scheme by using the authentication-mode
scheme command to guarantee a successful login. The protocol inbound ssh command fails if the
authentication mode is password or none. For more information, see the authentication-mode
command in
User Interface Commands in the System Volume.
•
The protocols configured through the protocol inbound command take effect next time you log in
through that user interface.
Configuring Authentication Mode
Authentication mode under a user interface determines whether to authenticate users that are logging in
through the user interface. The method enhances the security of the device. The device supports
authentication modes of none, password, and scheme.
•
none: Requires no username and password when users log in through the specified user interface.
This mode is insecure.
•
password: Requires password authentication on users that are logging in through the user
interface. Always set the password for this mode before terminating your current connection. Next
time when a user attempts to log in, an empty or wrong password fails the login. If no
authentication password is set for this mode on the AUX, VTY, or MODEM user interface, no user
can log in again, and the system displays "Login password has not been set!" If no password is set
on the console user interface, login without a password is allowed.
•
scheme: Requires username and password authentication on users that are logging in through the
user interface. Always set the username and password for this mode before terminating your
current connection. Next time when a user attempts to log in, an empty or wrong username or
password fails the login.
User authentication falls into local authentication and remote authentication. If local authentication is
adopted, configure a local user and the related parameters as shown in the table for configuring
authentication mode as scheme. If remote authentication is adopted, configure username and
password on the remote authentication server. For more information about the user authentication modes
and parameters, see RADIUS Configuration in the Firewall Web Configuration Manual. By default, the