HP HSR6600 Command Reference Manual page 374
Hide thumbs
Also See for HSR6600:
- Configuration manual (614 pages) ,
- Troubleshooting manual (41 pages) ,
- Security configuration manual (559 pages)
Table of Contents
Advertisement
Parameters
username: Specifies an SSH username, a case-sensitive string of 1 to 80 characters.
service-type: Specifies the service type of an SSH user:
all: Specifies Stelnet, SFTP, and SCP.
•
scp: Specifies the service type as SCP.
•
•
sftp: Specifies the service type as SFTP.
stelnet: Specifies the service type of Stelnet.
•
authentication-type: Specifies the authentication method of an SSH user:
password: Specifies password authentication. This authentication method features easy and fast
•
encryption, but it is vulnerable. It can work with AAA to implement user authentication,
authorization, and accounting.
any: Specifies either password authentication or publickey authentication.
•
password-publickey: Specifies both password authentication and publickey authentication
•
(featuring higher security) if the client runs SSH2, and performs either type of authentication if the
client runs SSH1.
publickey: Specifies publickey authentication. This authentication method has the complicated and
•
slow encryption, but it provides strong authentication that can defend against brute-force attacks.
This authentication method is easy to use. If this method is configured, the authentication process
completes automatically without the need of entering any password.
assign: Specifies parameters that are used to verify the client.
pki-domain pkiname: Specifies the PKI domain which verifies the client certificate. The pkiname
•
argument is a case-insensitive string of 1 to 15 characters. The server uses the CA certificate that is
saved in the PKI domain to verify one or multiple client certificates without saving clients' public keys
in advance.
•
publickey keyname: Specifies the public key of the SSH user. The keyname argument represents an
existing public key to an SSH user, and is a case-sensitive string of 1 to 64 characters. The server
checks the validity of the user through the user's public key that has been locally saved. If the public
key file on the client changes, the server needs to update the local configuration properly.
work-directory directory-name: Specifies the working directory for an SFTP user. The directory-name
argument is a string of 1 to 135 characters.
Usage guidelines
If the SSH server uses publickey authentication, you must create an SSH user account on the device. If the
SSH server uses password authentication, you do not need to create the user account on the device, but
you must configure the user account information on the device for local authentication, or on the remote
authentication server (such as a RADIUS server) for remote authentication.
If you specify a public key or PKI domain for a user multiple times, the most recent configuration takes
effect.
You can change parameters for an SSH user that has logged in, but your changes take effect for the user
at next login.
If an SFTP or SCP user has been assigned a public key or PKI domain, it is necessary to set a working
folder for the user.
The working folder of an SFTP or SCP user depends on the user authentication method. For a user using
only password authentication, the working folder is the AAA authorized one. For a user using only
361
Advertisement
Table of Contents
