Setting the ssh management parameters, Configuring the firewall as an ssh client, Ssh client configuration task list – H3C Technologies H3C SecPath F1000-E User Manual
Setting the SSH management parameters
SSH management includes:
• Enabling the SSH server to be compatible with SSH1 client
• Setting the RSA server key pair update interval, applicable to users using SSH1 client
• Setting the SSH user authentication timeout period
• Setting the maximum number of SSH authentication attempts
Setting these parameters can help avoid malicious guessing at and cracking of the keys and usernames, securing your SSH connections.
To set the SSH management parameters:

| Step | Command | Remarks |
|------|---------|---------|
| 1. Enter system view. | system-view | N/A |
| 2. Enable the SSH server to support SSH1 clients. | ssh server compatible-ssh1x enable | Optional. By default, the SSH server supports SSH1 clients. |
| 3. Set the RSA server key pair update interval. | ssh server rekey-interval hours | Optional. 0 by default. That is, the RSA server key pair is not updated. |
| 4. Set the SSH user authentication timeout period. | ssh server authentication-timeout time-out-value | Optional. 60 seconds by default. |
| 5. Set the maximum number of SSH authentication attempts. | ssh server authentication-retries times | Optional. 3 by default. |

NOTE:
Authentication will fail if the number of authentication attempts (including both publickey and password
authentication) exceeds that specified in the ssh server authentication-retries command.
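
The defaults in the table above only matter once you know which of them a given device is actually running with. The following is an added example, not code from the H3C manual: a small Python check that resolves the four SSH management parameters from a configuration excerpt and lists the ones worth reviewing. The sample excerpt is constructed, the two limits in audit() are assumed local policy values, and it is assumed that a disabled SSH1 setting is saved as undo ssh server compatible-ssh1x.

```python
import re

# Defaults taken from the Remarks column of the table above.
DEFAULTS = {"ssh1_compat": True, "rekey_hours": 0,
            "auth_timeout": 60, "auth_retries": 3}
KEYS = {"rekey-interval": "rekey_hours",
        "authentication-timeout": "auth_timeout",
        "authentication-retries": "auth_retries"}
NUMERIC = re.compile(r"ssh server (%s) (\d+)" % "|".join(KEYS))

# Constructed sample excerpt of a saved configuration (not from a real device).
SAMPLE = """\
#
 ssh server authentication-retries 5
 ssh server authentication-timeout 120
#
"""

def effective_ssh_params(config_text):
    """Resolve the four SSH management parameters, falling back to defaults."""
    params = dict(DEFAULTS)
    for raw in config_text.splitlines():
        line = raw.strip()
        # Assumption: a disabled SSH1 setting is saved in its "undo" form.
        if line == "undo ssh server compatible-ssh1x":
            params["ssh1_compat"] = False
        elif line in ("ssh server compatible-ssh1x",
                      "ssh server compatible-ssh1x enable"):
            params["ssh1_compat"] = True
        else:
            m = NUMERIC.fullmatch(line)
            if m:
                params[KEYS[m.group(1)]] = int(m.group(2))
    return params

def audit(config_text, max_timeout=60, max_retries=3):
    """Return findings; both limits are assumed local policy values."""
    p = effective_ssh_params(config_text)
    findings = []
    if p["ssh1_compat"]:
        findings.append("SSH1 clients are accepted")
        if p["rekey_hours"] == 0:
            findings.append("RSA server key pair is never updated")
    if p["auth_timeout"] > max_timeout:
        findings.append("authentication timeout is %d s" % p["auth_timeout"])
    if p["auth_retries"] > max_retries:
        findings.append("authentication retries is %d" % p["auth_retries"])
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An excerpt that sets none of the four commands still produces the first two findings, because the documented defaults accept SSH1 clients and never update the RSA server key pair.
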
Configuring the firewall as an SSH client
SSH client configuration task list

| Task | Remarks |
|------|---------|
| Specifying a source IP address/interface for the SSH client | Optional |
| Enabling and disabling first-time authentication | Optional |
| Establishing a connection between an SSH client and the server | Required |