Configuring the SSH Management Parameters - HPE FlexFabric 7900 Series Security Configuration Manual


Configuration guidelines

When you configure an SSH user, follow these restrictions and guidelines:

- An SSH server supports up to 1024 SSH users.
- For an SFTP or SCP user, the working directory depends on the authentication method:
  - If the authentication method is password, the working directory is authorized by AAA.
  - If the authentication method is publickey or password-publickey, the working directory is specified by the authorization-attribute command in the associated local user view.
- For an SSH user, the user role also depends on the authentication method:
  - If the authentication method is password, the user role is authorized by the remote AAA server or the local device.
  - If the authentication method is publickey or password-publickey, the user role is specified by the authorization-attribute command in the associated local user view.
- If you change the authentication method or public key for an SSH user that is logged in, the change takes effect for that user only at the next login.
- All authentication methods except password authentication require a client's host public key to be specified. For more information about host public keys, see "Configuring a client's host public key."
- When the device operates in FIPS mode as an SSH server, it does not support the any or publickey authentication method.

For information about configuring local users and remote authentication, see "Configuring AAA."

Configuration procedure

To configure an SSH user, and specify the service type and authentication method:

1. Enter system view.
   Command: system-view
2. Create an SSH user, and specify the service type and authentication method.
   Command in non-FIPS mode:
   ssh user username service-type { all | netconf | scp | sftp | stelnet } authentication-type { password | { any | password-publickey | publickey } assign publickey keyname }
   Command in FIPS mode:
   ssh user username service-type { all | netconf | scp | sftp | stelnet } authentication-type { password | password-publickey assign publickey keyname }

Configuring the SSH management parameters

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable the SSH server to support SSH1 clients.
   Command: ssh server compatible-ssh1x enable
   Remarks: By default, the SSH server supports SSH1 clients. This command is not available in FIPS mode.
3. Set the RSA server key pair update interval.
   Command: ssh server rekey-interval hours
   Remarks: By default, the RSA server key pair is not updated. This command takes effect on only SSH1 users.
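
As an added example (not from the HPE manual), the following Python linter checks command lines against the ssh user syntax, the FIPS-mode restrictions and the SSH1 remarks given on this page. The function name, the finding messages and the sample lines (user names, key names, interval value) are assumptions made for illustration.

```python
import re

KEYED_AUTH = {"any", "password-publickey", "publickey"}  # need "assign publickey keyname"
FIPS_UNSUPPORTED_AUTH = {"any", "publickey"}  # per the guidelines on this page

# The "ssh user" syntax from the configuration procedure (non-FIPS superset).
SSH_USER = re.compile(
    r"ssh user (?P<user>\S+) service-type (?:all|netconf|scp|sftp|stelnet) "
    r"authentication-type (?P<auth>password|any|password-publickey|publickey)"
    r"(?: assign publickey (?P<key>\S+))?"
)

def lint_ssh_commands(lines, fips_mode=False):
    """Return (line_number, message) findings for the SSH commands on this page."""
    findings = []
    for n, raw in enumerate(lines, 1):
        line = " ".join(raw.split())  # normalise whitespace
        if line == "ssh server compatible-ssh1x enable":
            msg = "not available in FIPS mode" if fips_mode else "SSH1 client support enabled"
            findings.append((n, msg))
        elif line.startswith("ssh server rekey-interval "):
            findings.append((n, "rekey-interval takes effect on only SSH1 users"))
        elif line.startswith("ssh user "):
            m = SSH_USER.fullmatch(line)
            if m is None:
                findings.append((n, "does not match the ssh user syntax"))
                continue
            auth, key = m["auth"], m["key"]
            if auth in KEYED_AUTH and not key:
                findings.append((n, f"{auth} requires 'assign publickey keyname'"))
            if auth == "password" and key:
                findings.append((n, "password authentication takes no assigned public key"))
            if fips_mode and auth in FIPS_UNSUPPORTED_AUTH:
                findings.append((n, f"authentication-type {auth} not supported in FIPS mode"))
    return findings

# Constructed sample input: user names, key names and the interval are made up.
SAMPLE = [
    "ssh user alice service-type stelnet authentication-type password",
    "ssh user bob service-type sftp authentication-type publickey assign publickey bobkey",
    "ssh user carol service-type scp authentication-type password-publickey",
    "ssh server compatible-ssh1x enable",
    "ssh server rekey-interval 24",
]

if __name__ == "__main__":
    for n, msg in lint_ssh_commands(SAMPLE, fips_mode=True):
        print(f"line {n}: {msg}")
```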
