HP FlexNetwork MSR Series Command Reference Manual page 630
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
service-type: Specifies a service type for the SSH user.
•
all: Specifies service types Stelnet, SFTP, SCP, and NETCONF.
•
scp: Specifies the service type SCP.
•
sftp: Specifies the service type SFTP.
•
stelnet: Specifies the service type Stelnet.
•
netconf: Specifies the service type NETCONF.
authentication-type: Specifies an authentication method for the SSH user.
•
password: Specifies password authentication. This authentication method provides easy and
fast encryption, but it is vulnerable. It can work with AAA to implement user authentication,
authorization, and accounting.
•
any: Specifies either password authentication or publickey authentication.
•
password-publickey: Specifies both password authentication and publickey authentication for
SSH2 clients. In SSH2, the password-publickey authentication method provides higher
security. If the client runs SSH1, this keyword specifies either password authentication or
publickey authentication.
•
publickey: Specifies publickey authentication. This authentication method has complicated
and slow encryption, but it provides strong authentication that can defend against brute-force
attacks. This authentication method is easy to use. If this method is configured, the
authentication process completes automatically without entering any password.
assign: Specifies parameters used for client verification.
•
pki-domain domain-name: Specifies the PKI domain that verifies the client's digital certificate.
The domain-name argument is a case-insensitive string of 1 to 31 characters, excluding
characters listed in
to verify the client's digital certificate. In this scenario, the server does not need to save clients'
public keys in advance.
Table 86 Invalid characters for a PKI domain name
Character name
Tilde
Asterisk
Backslash
Vertical bar
Colon
•
publickey keyname: Specifies the public key of the SSH client. The keyname argument
represents the SSH client's public key configured on the server. It is a case-insensitive string of
1 to 64 characters. The server uses the client's public key to check the validity of the client. If the
public key file of the client is changed, you must update the client's public key on the server
promptly.
Usage guidelines
Use this command to configure an SSH user depending on the authentication method.
•
If the authentication method is publickey, you must create an SSH user and a local user on the
SSH server. The two users must have the same username, so that the SSH user can be
assigned the correct working directory and user role.
•
If the authentication method is password, you must perform one of the following tasks:
For local authentication, configure a local user on the SSH server.
For remote authentication, configure an SSH user on a remote authentication server, for
example, a RADIUS server.
Table
86. The server uses the CA certificate that is saved in the PKI domain
Symbol
Character name
~
Dot
*
Left angle bracket
\
Right angle bracket
|
Quotation marks
:
Apostrophe
612
Symbol
.
<
>
"
'
Advertisement
