Configuring An Ssh User And Specifying Sftp As One Of Service Types - Huawei AR2200 Series Configuration Manual

Huawei AR2200 Series Enterprise Routers
Configuration Guide - Basic Configuration
Step 3 Run:
authentication-mode aaa
The AAA authentication mode is configured.
Step 4 Run:
protocol inbound ssh
The VTY user interface is configured to support SSH.
----End
6.4.4 Configuring an SSH User and Specifying SFTP as One of
Service Types
To allow a user to log in to the router by using SFTP, you must configure an SSH user, configure
the router to generate a local RSA key pair, configure a user authentication mode, specify a
service type and authorized directory for the SSH user.
Context
l
l
Do as follows on the router that functions as an SSH server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
aaa
The AAA view is displayed.
Step 3 Run:
local-user user-name password { simple | cipher } password
Name and password of the local user are created.
Issue 02 (2011-10-15)
NOTE
If a VTY user interface is configured to support SSH, the VTY user interface must be configured with
AAA authentication. Otherwise, the protocol inbound ssh command cannot be configured.
SSH users can be authenticated in four modes: RSA, password, password-rsa, and all. You
must create a local user with the specified user name in the AAA view.
Configuring the router to generate a local RSA key pair is a key step for SSH login. If an
SSH user logs in to an SSH server in password authentication mode, configure the server
to generate a local RSA key pair. If an SSH user logs in to an SSH server in RSA
authentication mode, configure both the server and the client to generate local RSA key
pairs.
NOTE
Password-rsa authentication requires success of both password authentication and RSA authentication. The
all authentication mode requires success of either password authentication or RSA authentication.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6 Managing File System
99