Configuration procedure
To configure an SSH user and specify the service type and authentication method:
Step
1.
Enter system view.
2.
Create an SSH user, and
specify the service type and
authentication method.
Setting the SSH management parameters
SSH management includes:
Enabling the SSH server to be compatible with SSH1 client
•
Setting the RSA server key pair update interval, applicable to users using SSH1 client
•
•
Setting the SSH user authentication timeout period
Setting the maximum number of SSH authentication attempts
•
Setting these parameters can help avoid malicious guessing at and cracking of the keys and usernames,
securing your SSH connections.
IMPORTANT:
Authentication fails if the number of authentication attempts (including both publickey and password
authentication) exceeds that specified in the ssh server authentication-retries command.
To set the SSH management parameters:
Step
1.
Enter system view.
2.
Enable the SSH server to
support SSH1 clients.
3.
Set the RSA server key pair
update interval.
Command
system-view
•
For Stelnet users:
ssh user username service-type
stelnet authentication-type
{ password | { any |
password-publickey |
publickey } assign publickey
keyname }
•
For all users, SCP or SFTP users:
ssh user username service-type
{ all | scp | sftp }
authentication-type { password
| { any | password-publickey
| publickey } assign publickey
keyname work-directory
directory-name }
Command
system-view
ssh server compatible-ssh1x
[ enable ]
ssh server rekey-interval hours
184
Remarks
N/A
Use either command.
Remarks
N/A
Optional.
By default, the SSH server supports
SSH1 clients.
Optional.
By default, the interval is 0, and the
RSA server key pair is not updated.