3Com 5500-SI Configuration Manual page 203

Configuring authentication type
New users must specify authentication type. Otherwise, they cannot access the
switch.
Table 182 Configure authentication type
Operation
Enter system view
Configure authentication type
for SSH users
If RSA authentication type is defined, then the RSA public key of the client user must
be configured on the switch.
By default, no authentication type is specified for a new user, so they cannot access
the switch.
If you specify the password-publickey keyword when execute the ssh user
username authentication-type command, users using SSHv1 can log onto a switch
if they pass one of the authentications, whereas those using SSHv2 need to pass both
of the authentications to log onto a switch.
Configuring server SSH attributes
Configuring server SSH authentication timeout time and retry number can effectively
assure security of SSH connections and avoid illegal actions.
Configure server SSH attributes
Table 183 Configure server SSH attributes
Operation
Enter system view
Set SSH authentication
timeout time
Set SSH authentication retry
number
Configuring client public keys
This operation is not required for password authentication type.
You can configure RSA public keys for client users on the server in two ways:
1 Manual mode
Operations on the client include:
■
SSH1.5/2.0-supported client software generates randomly RSA key pairs.
■
SSHKEY.EXE software converts the public part of the RSA key into PKCS code
■
format.
Operations on the server are described in Table 184.
Command
system-view
ssh user username
authentication-type { password |
password-publickey | rsa | all }
Command
system-view
ssh server timeout seconds
ssh server
authentication-retries times
SSH Terminal Services 203
Description
-
Required
Description
-
Optional
The timeout time defaults to 60
seconds.
Optional
The retry number defaults to 3.