Local Authentication and Authorization for SSH Users - HP VSR1000 Security Configuration Manual

Virtual services router

[Router] role default-role enable
# Create a RADIUS scheme.
[Router] radius scheme rad
# Specify the primary authentication server.
[Router-radius-rad] primary authentication 10.1.1.1 1812
# Set the shared key for secure communication with the server to expert in plain text.
[Router-radius-rad] key authentication simple expert
# Include the domain names in usernames sent to the RADIUS server.
[Router-radius-rad] user-name-format with-domain
[Router-radius-rad] quit
# Create ISP domain bbb and configure authentication, authorization, and accounting methods
for login users. Because RADIUS user authorization information is piggybacked in authentication
responses, the authentication and authorization methods must use the same RADIUS scheme.
[Router] domain bbb
[Router-isp-bbb] authentication login radius-scheme rad
[Router-isp-bbb] authorization login radius-scheme rad
[Router-isp-bbb] accounting login none
[Router-isp-bbb] quit
Verifying the configuration
# Initiate an SSH connection to the router, and enter the username hello@bbb and the correct password.
(Details not shown.) The user logs in to the router.
# Verify that the user can use the commands permitted by the network-operator user role. (Details not
shown.)
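The rule stated in the domain bbb step (authentication and authorization for login users must use the same RADIUS scheme) can be checked against a saved CLI session. The script below is an added example, not part of the HP manual; its function names, the prompt-based parsing, and the embedded sample session (constructed from the commands above) are assumptions.

```python
import re

# Constructed sample: RADIUS commands from this example as a CLI transcript.
SAMPLE = """\
[Router] radius scheme rad
[Router] domain bbb
[Router-isp-bbb] authentication login radius-scheme rad
[Router-isp-bbb] authorization login radius-scheme rad
[Router-isp-bbb] accounting login none
"""

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")
METHOD = re.compile(r"^(authentication|authorization) login (.+)$")

def parse(session):
    """Return (defined RADIUS scheme names, {domain: {service: method}})."""
    schemes, domains = set(), {}
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # '#' comments, blank lines, user-view prompts
        view, cmd = m["view"], m["cmd"].strip()
        if cmd.startswith("radius scheme "):
            schemes.add(cmd.split()[2])
        elif "-isp-" in view and METHOD.match(cmd):
            service, method = METHOD.match(cmd).groups()
            # Assumption: the ISP domain view prompt is [<sysname>-isp-<domain>].
            domains.setdefault(view.split("-isp-", 1)[1], {})[service] = method
    return schemes, domains

def scheme_of(method):
    """Name of the RADIUS scheme a method selects, or None if it is not RADIUS."""
    parts = (method or "").split()
    return parts[1] if len(parts) > 1 and parts[0] == "radius-scheme" else None

def audit(session):
    """List findings for domains that break the same-scheme rule."""
    schemes, domains = parse(session)
    findings = []
    for dom, methods in sorted(domains.items()):
        authn = scheme_of(methods.get("authentication"))
        authz = scheme_of(methods.get("authorization"))
        for name in sorted({authn, authz} - {None}):
            if name not in schemes:
                findings.append(f"{dom}: RADIUS scheme {name} is not defined")
        if (authn or authz) and authn != authz:
            findings.append(f"{dom}: authentication={authn}, authorization={authz}")
    return findings
```

Calling audit() on a captured session returns an empty list when every domain that uses RADIUS points both methods at one defined scheme; a value of None in a finding means that method does not use a RADIUS scheme.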

Local authentication and authorization for SSH users

Network requirements
As shown in Figure 14, configure the router to meet the following requirements:
Perform local authentication and authorization for SSH users.
Assign the network-admin user role to SSH users after they pass authentication.
Figure 14 Network diagram
[Diagram labels: Telnet user 192.168.1.58/24; Internet; GE1/0 192.168.1.70/24; Router]
Configuration procedure
# Assign an IP address to interface GigabitEthernet 1/0, the SSH user access interface.
<Router> system-view
[Router] interface gigabitethernet 1/0
[Router-GigabitEthernet1/0] ip address 192.168.1.70 255.255.255.0
[Router-GigabitEthernet1/0] quit
# Create local RSA and DSA key pairs.