Setting The Ssh Management Parameters - HP 3600 v2 Series Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (441 pages) ,
- Security configuration manual (398 pages)
Table of Contents
Advertisement
If only publickey authentication is used, the command level accessible to the user is set by the user
•
privilege level command on the user interface. If password authentication is used, either with or
without publickey authentication, the command level accessible to the user is authorized by AAA.
•
SSH1 does not support SCP and SFTP. For an SSH1 client, you must set the service type to stelnet
or all.
For an SCP or SFTP user, the working folder depends on the authentication method:
•
If only password authentication is used, the working folder is authorized by AAA.
If publickey authentication is used, either with or without password authentication, the working
folder is set by using the ssh user command.
If you change the authentication mode or public key for an SSH user that has been logged in, the
•
change can take effect only at the next login of the user.
In FIPS mode, the SSH server does not support any authentication and publickey authentication.
•
Configuration procedure
To configure an SSH user and specify the service type and authentication method:
Step
1.
Enter system
view.
2.
Create an SSH
user, and
specify the
service type
and
authentication
method.
Setting the SSH management parameters
Setting these parameters can help avoid malicious guessing at and cracking of the keys and usernames,
securing your SSH connections.
IMPORTANT:
Authentication fails if the number of authentication attempts (including both publickey and password
authentication) exceeds that specified in the ssh server authentication-retries command.
To set the SSH management parameters:
Command
system-view
•
For Stelnet users:
In non-FIPS mode:
ssh user username service-type stelnet authentication-type
{ password | { any | password-publickey | publickey } assign
publickey keyname&<1-6> }
In FIPS mode:
ssh user username service-type stelnet authentication-type
{ password | password-publickey assign publickey
keyname&<1-6> }
•
For all users, SCP or SFTP users:
In non-FIPS mode:
ssh user username service-type { all | scp | sftp }
authentication-type { password | { any | password-publickey
| publickey } assign publickey keyname&<1-6> work-directory
directory-name }
In FIPS mode:
ssh user username service-type { all | scp | sftp }
authentication-type { password | password-publickey assign
publickey keyname&<1-6> work-directory directory-name }
311
Remarks
N/A
Use one of the
commands.
Advertisement
Table of Contents
Troubleshooting
