Configuring An Ssh User - HPE FlexNetwork 7500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 7500 Series:
- Security configuration manual (506 pages) ,
- Command reference manual (474 pages) ,
- Network management and monitoring command reference (430 pages)
Table of Contents
Advertisement
Configuring an SSH user
Configure an SSH user and a local user depending on the authentication method.
•
If the authentication method is publickey, you must create an SSH user and a local user on the
SSH server. The two users must have the same username, so that the SSH user can be
assigned the correct working directory and user role.
•
If the authentication method is password, you must perform one of the following tasks:
For local authentication, configure a local user on the SSH server.
For remote authentication, configure an SSH user on a remote authentication server, for
example, a RADIUS server.
You do not need to create an SSH user by using the ssh user command. However, if you want
to display all SSH users, including the password-only SSH users, for centralized management,
you can use this command to create them. If such an SSH user has been created, make sure
you have specified the correct service type and authentication method.
•
If the authentication method is password-publickey or any, you must create an SSH user on
the SSH server and perform one of the following tasks:
For local authentication, configure a local user on the SSH server.
For remote authentication, configure an SSH user on a remote authentication server, for
example, a RADIUS server.
In either case, the local user or the SSH user configured on the remote authentication server
must have the same username as the SSH user.
For information about configuring local users and remote authentication, see "Configuring AAA."
Configuration restrictions and guidelines
When you configure an SSH user, follow these restrictions and guidelines:
•
An SSH server supports up to 1024 SSH users.
•
For an SFTP or SCP user, the working directory depends on the authentication method.
If the authentication method is password, the working directory is authorized by AAA.
If the authentication method is publickey or password-publickey, the working folder is
specified by the authorization-attribute command in the associated local user view.
•
For an SSH user, the user role also depends on the authentication method.
If the authentication method is password, the user role is authorized by AAA.
If the authentication method is publickey or password-publickey, the user role is specified
by the authorization-attribute command in the associated local user view.
•
If you change the authentication parameters for a logged-in SSH user, the change takes effect
on the user at the next login.
•
For all authentication methods except password authentication, you must specify a client's host
public key or digital certificate.
For a client that sends the user's public key information directly to the server, specify the
client's host public key on the server. The specified public key must already exist. For more
information about public keys, see
For a client that sends the user's public key information to the server through a digital
certificate, specify the PKI domain on the server. This PKI domain verifies the client's digital
certificate. For successful verification, the specified PKI domain must have the correct CA
certificate. To specify the PKI domain, use the ssh user or ssh server pki-domain
command. For more information about configuring a PKI domain, see "Configuring PKI."
•
When the device operates as an SSH server in FIPS mode, the device does not support the
authentication method of any or publickey.
"Configuring a client's host public
314
key."
Advertisement
Table of Contents
Troubleshooting
