HP 6125G Configuration Manual page 47

To make the command authorization or command accounting function take effect, apply an
•
HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the
authorization server and other authorization parameters.
• If the local authentication scheme is used, use the authorization-attribute level level command in
local user view to set the user privilege level on the device.
If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the
•
RADIUS or HWTACACS server.
The SSH client authentication method is password in this configuration procedure. For more information
about SSH and publickey authentication, see Security Configuration Guide.
To configure the SSH server on the device:
Step
1. Enter system view.
2. Create local key pairs.
3. Enable SSH server.
4. Enter one or more VTY user
interface views.
5. Enable scheme
authentication.
6. Enable the user interfaces to
support Telnet, SSH, or both
of them.
7. Enable command
authorization.
Command
system-view
public-key local create { dsa | rsa }
ssh server enable
user-interface vty first-number
[ last-number ]
authentication-mode scheme
protocol inbound { all | ssh |
telnet }
command authorization
41
Remarks
N/A
By default, no local key pairs are
created.
By default, SSH server is disabled.
N/A
By default, password
authentication is enabled on VTY
user interfaces.
Optional.
By default, both Telnet and SSH
are supported.
Optional.
By default, command authorization
is disabled. The commands
available for a user only depend
on the user privilege level.
If command authorization is
enabled, a command is available
only if the user has the
commensurate user privilege level
and is authorized to use the
command by the AAA scheme.