Authentication For Ssh Users By An Ldap Server - HP VSR1000 Security Configuration Manual

Virtual services router

# Enable the default user role feature to assign authenticated SSH users the default user role network-operator.
[Router] role default-role enable
# Enable scheme authentication for user lines VTY 0 through VTY 63.
[Router] line vty 0 63
[Router-line-vty0-63] authentication-mode scheme
[Router-line-vty0-63] quit
# Assign an IP address to interface GigabitEthernet 1/0, the SSH user access interface.
[Router] interface gigabitethernet 1/0
[Router-GigabitEthernet1/0] ip address 192.168.1.70 255.255.255.0
[Router-GigabitEthernet1/0] quit
# Assign an IP address to interface GigabitEthernet 2/0, through which the router is connected to the server.
[Router] interface gigabitethernet 2/0
[Router-GigabitEthernet2/0] ip address 10.1.1.2 255.255.255.0
[Router-GigabitEthernet2/0] quit
Verifying the configuration
# Initiate an SSH connection to the router, and enter the correct username and password. (Details not shown.) The user logs in to the router.
# Verify that the user can use the commands permitted by the network-operator user role. (Details not shown.)
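
The verification steps above are manual. As an added example (not part of the HP manual), the Python script below audits configuration text for the two settings this procedure relies on: every user line VTY 0 through VTY 63 in scheme authentication mode, and the default user role feature enabled. The function name audit_vty and the WEAK_CONFIG sample are assumptions constructed for illustration.

```python
import re

PROMPT = re.compile(r"^\[[^\]]*\]\s*")          # "[Router-line-vty0-63] " style prompt
VTY = re.compile(r"^line vty (\d+)(?: (\d+))?$")
MODE = re.compile(r"^authentication-mode (\S+)$")

# The commands from the procedure above, as typed at the router prompt.
PAGE_CONFIG = """\
[Router] role default-role enable
[Router] line vty 0 63
[Router-line-vty0-63] authentication-mode scheme
[Router-line-vty0-63] quit
"""

# Constructed counter-example: only VTY 0-4 use scheme authentication.
WEAK_CONFIG = """\
line vty 0 4
 authentication-mode scheme
#
line vty 5 63
 authentication-mode none
"""

def audit_vty(config_text, first=0, last=63):
    """Return ([(vty, mode), ...] for lines not in scheme mode, default_role_enabled)."""
    modes, current, default_role = {}, [], False
    for raw in config_text.splitlines():
        cmd = PROMPT.sub("", raw.strip())
        if not cmd:
            continue
        vty, mode = VTY.match(cmd), MODE.match(cmd)
        if vty:                                   # entering a VTY line view
            lo = int(vty.group(1))
            current = list(range(lo, int(vty.group(2) or lo) + 1))
        elif mode:                                # applies to every line in the view
            for i in current:
                modes[i] = mode.group(1)
        elif cmd == "role default-role enable":
            default_role = True
        elif cmd == "quit" or cmd.startswith(("#", "interface ", "line ")):
            current = []                          # left the line view
    findings = [(i, modes.get(i, "not configured"))
                for i in range(first, last + 1) if modes.get(i) != "scheme"]
    return findings, default_role

if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("weak", WEAK_CONFIG)):
        print(name, audit_vty(text))
```

An empty findings list means every VTY line in the range requires scheme authentication; each entry otherwise names a line and the mode found for it.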

Authentication for SSH users by an LDAP server

Network requirements
As shown in Figure 16, an LDAP server is located at 10.1.1.1/24 and uses the domain name ldap.com.
Configure the router to meet the following requirements:
• Use the LDAP server to authenticate SSH users.
• Assign the default user role network-operator to SSH users after they pass authentication.
On the LDAP server, set the administrator password to admin!123456, add user aaa, and set the user's password to ldap!123456.
Figure 16 Network diagram
