beautypg.com

Setting the SSH management parameters – H3C Technologies H3C SecBlade LB Cards User Manual

Page 174


If you change the authentication mode or public key for an SSH user that has logged in, the change takes effect only at the next login of the user.

To configure an SSH user and specify the service type and authentication method:

Step 1: Enter system view.
    Command: system-view
    Remarks: N/A

Step 2: Create an SSH user, and specify the service type and authentication method.
    Command:
        Create an SSH user, and specify the service type and authentication method for Stelnet users:
            ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign { pki-domain pkiname | publickey keyname } }
        Create an SSH user, and specify the service type and authentication method for all users, SCP or SFTP users:
            ssh user username service-type { all | scp | sftp } authentication-type { password | { any | password-publickey | publickey } assign { pki-domain pkiname | publickey keyname } work-directory directory-name }
    Remarks: Use either command.

Setting the SSH management parameters

The SSH management parameters can be set to improve the security of SSH connections. The SSH management parameters include:

Compatibility between the SSH server and SSH1 clients.

RSA server key pair update interval, applicable to users using SSH1 client.

SSH user authentication timeout period. This parameter is used to reject a connection if the authentication for the connection is not completed before the timeout period expires.

Maximum number of SSH authentication attempts. This parameter is used to prevent malicious password cracking.

SFTP connection idle timeout period. Once the idle period of an SFTP connection exceeds the specified threshold, the system automatically tears the connection down.

To set the SSH management parameters:

Step 1: Enter system view.
    Command: system-view
    Remarks: N/A

Step 2: Enable the SSH server to support SSH1 clients.
    Command: ssh server compatible-ssh1x enable
    Remarks: Optional. By default, the SSH server supports SSH1 clients.

Step 3: Set the RSA server key pair update interval.
    Command: ssh server rekey-interval hours
    Remarks: Optional. By default, the interval is 0, and the RSA server key pair is not updated.

Step 4: Set the SSH user authentication timeout period.
    Command: ssh server authentication-timeout time-out-value
    Remarks: Optional. 60 seconds by default.
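
An added example, not part of the manual or H3C's own tooling: a small Python check that reads saved configuration text and reports the SSH user and management settings covered above, applying the defaults stated in the steps when a command is absent. The sample configuration is constructed, the findings policy is this example's own, and the `undo ssh server compatible-ssh1x` form and the reading of `any` as "either password or public key" are assumptions not shown on this page.

```python
import re

# Defaults as stated in the manual steps above.
DEFAULTS = {"ssh1": True, "rekey_hours": 0, "auth_timeout": 60}

# Constructed sample configuration text (not captured from a real device).
SAMPLE_CONFIG = """\
ssh server compatible-ssh1x enable
ssh server authentication-timeout 90
ssh user admin service-type stelnet authentication-type password
ssh user backup service-type sftp authentication-type publickey assign publickey backupkey work-directory flash:/
"""

USER_RE = re.compile(
    r"^ssh user (\S+) service-type (\S+) authentication-type (\S+)")

def parse(config):
    """Return (settings, users) parsed from configuration text."""
    settings = dict(DEFAULTS)
    users = []
    for line in config.splitlines():
        line = line.strip()
        m = USER_RE.match(line)
        if m:
            users.append({"name": m[1], "service": m[2], "auth": m[3]})
        elif line.startswith("undo ssh server compatible-ssh1x"):
            settings["ssh1"] = False  # assumed form of the disabling command
        elif line.startswith("ssh server compatible-ssh1x"):
            settings["ssh1"] = True
        elif m := re.match(r"ssh server rekey-interval (\d+)$", line):
            settings["rekey_hours"] = int(m[1])
        elif m := re.match(r"ssh server authentication-timeout (\d+)$", line):
            settings["auth_timeout"] = int(m[1])
    return settings, users

def audit(config):
    """Return a list of findings under this example's own policy."""
    settings, users = parse(config)
    findings = []
    if settings["ssh1"]:
        findings.append("SSH1 clients accepted")
        if settings["rekey_hours"] == 0:
            findings.append("RSA server key pair never updated (rekey-interval 0)")
    for u in users:
        if u["auth"] in ("password", "any"):  # 'any' assumed: password OR key
            findings.append(f"user {u['name']}: password alone allows login ({u['auth']})")
    return findings
```
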
