Setting The Ssh Management Parameters - HP 3600 v2 Series Security Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (449 pages) ,
- Installation manual (62 pages)
Table of Contents
Advertisement
To do...
authentication
method
CAUTION:
A user without an SSH account can still pass password authentication and log in to the server through
•
Stelnet or SFTP, as long as the user can pass AAA authentication and the service type is SSH.
For successful login through SFTP, you must set the user service type to sftp or all.
•
SSH1 does not support the service type sftp. If the client uses SSH1 to log in to the server, you must set
•
the service type to stelnet or all on the server.
An SFTP user's working folder depends on the authentication method. For a user using only password
•
authentication, the working folder is the AAA authorized one. For a user using only publickey
authentication or using both the publickey and password authentication methods, the working folder is
the one set by using the ssh user command.
•
You can change the authentication method and public key of an SSH user when the user is
communicating with the SSH server, but your changes take effect only after the user logs out and logs in
again.
NOTE:
With publickey authentication, which commands a user can use after login depends on the user
•
privilege level, which is configured with the user privilege level command on the user interface.
With password authentication, which commands a user can use after login depends on AAA
•
authorization.
Setting the SSH management parameters
SSH management includes:
•
Enabling the SSH server to be compatible with SSH1 client
Setting the RSA server key pair update interval, applicable to users using SSH1 client
•
Setting the SSH user authentication timeout period
•
Setting the maximum number of SSH authentication attempts
•
Setting these parameters can help avoid malicious guessing at and cracking of the keys and usernames,
securing your SSH connections.
Follow these steps to set the SSH management parameters:
To do...
Enter system view
Enable the SSH server to support
SSH1 clients
Use the command...
ssh user username service-type
{ all | sftp } authentication-type
For all users or
{ password | { any |
SFTP users
password-publickey | publickey }
assign publickey keyname
work-directory directory-name }
Use the command...
system-view
ssh server compatible-ssh1x
enable
279
Remarks
Remarks
—
Optional
By default, the SSH server supports
SSH1 clients.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
