If publickey authentication, whether with password authentication or not, is used, the user role
is specified by the authorization-attribute command in the associated local user view.
If you change the authentication method or public key for an SSH user that has been logged in, the
•
change can take effect only at the next login of the user.
Except password authentication, the other authentication methods require a client's host public key
•
to be specified. For more information about host public keys, see
key."
For how to configure local users and remote authentication, see
Configuration procedure
To configure an SSH user, and specify the service type and authentication method:
Step
1.
Enter system view.
2.
Create an SSH user, and
specify the service type and
authentication method.
Setting the SSH management parameters
Setting the SSH management parameters can improve the security of SSH connections. The SSH
management parameters include:
Whether the SSH server is compatible with SSH1 clients.
•
RSA server key pair update interval, applicable to users using SSH1 clients.
•
SSH user authentication timeout period. You can set this parameter to reject a connection if the
•
authentication for the connection has not been finished when the timeout period expires.
Maximum number of SSH authentication attempts. You can set this parameter to prevent malicious
•
password cracking. If any authentication is used, the total number of both publickey and password
authentication attempts cannot exceed the configured upper limit.
ACL for SSH clients. You can configure an ACL to filter SSH clients which initiate connections with
•
the SSH server.
SFTP connection idle timeout period. When the idle period of an SFTP connection exceeds the
•
specified threshold, the system automatically tears the connection down.
To set the SSH management parameters:
Step
1.
Enter system view.
2.
Enable the SSH server to
support SSH1 clients.
Command
system-view
ssh user username service-type { all | scp | sftp | stelnet }
authentication-type { password | { any | password-publickey |
publickey } assign publickey keyname }
Command
system-view
ssh server compatible-ssh1x
enable
158
"Configuring a client's host public
"Configuring
AAA."
Remarks
N/A
By default, the SSH server supports
SSH1 clients.