H3C s3600 series Command Manual page 16
Hide thumbs
Also See for s3600 series:
- Operation manual (966 pages) ,
- Installation manual (98 pages) ,
- Command manual (92 pages)
Table of Contents
Advertisement
For a VTY user interface, to specify the none keyword or password keyword for login users, make sure
that SSH is not enabled in the user interface. Otherwise, the configuration fails. Refer to the protocol
inbound command for related configuration.
To improve security and prevent attacks to the unused Sockets, TCP 23 and TCP 22, ports for Telnet
and SSH services respectively, will be enabled or disabled after corresponding configurations.
If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be disabled.
If the authentication mode is password, and the corresponding password has been set, TCP 23 will
be enabled, and TCP 22 will be disabled.
If the authentication mode is scheme, there are three scenarios: when the supported protocol is
specified as telnet, TCP 23 will be enabled; when the supported protocol is specified as SSH, TCP
22 will be enabled; when the supported protocol is specified as all, both the TCP 23 and TCP 22
port will be enabled.
Examples
Example of the password authentication mode configuration
# Configure to authenticate users using the local password on the console port, and set the
authentication password to aabbcc in plain text.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] authentication-mode password
[Sysname-ui-aux0] set authentication password simple aabbcc
After the configuration, when a user logs in to the switch through the console port, the user must enter
the correct password.
Example of the scheme authentication mode configuration
# Configure the authentication mode as scheme for VTY users logging in through Telnet.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode scheme
[Sysname-ui-vty0] quit
# Specify domain system as the default domain, and set the scheme authentication mode to local for
the domain.
[Sysname] domain default enable system
[Sysname] domain system
[Sysname-isp-system] scheme local
1-2
Hide quick links:
Advertisement
Chapters
Table of Contents
Need help?
Do you have a question about the s3600 series and is the answer not in the manual?
Questions and answers