
HP FlexNetwork MSR Series Command Reference Manual page 631

Comware 7 security

You do not need to create an SSH user by using the ssh user command. However, if you want to display all SSH users, including the password-only SSH users, for centralized management, you can use this command to create them. If such an SSH user has been created, make sure you have specified the correct service type and authentication method.

If the authentication method is password-publickey or any, you must create an SSH user on the SSH server and perform one of the following tasks:
- For local authentication, configure a local user on the SSH server.
- For remote authentication, configure an SSH user on a remote authentication server, for example, a RADIUS server.
In either case, the local user or the SSH user configured on the remote authentication server must have the same username as the SSH user.

If you use this command to specify a host public key or a PKI domain for a user multiple times, the most recent configuration takes effect.

This configuration does not affect logged-in users. It affects only users that attempt to log in after the configuration.

For an SFTP or SCP user, the working directory depends on the authentication method.
- If the authentication method is publickey or password-publickey, the working directory is specified by the authorization-attribute command in the associated local user view.
- If the authentication method is password, the working directory is authorized by AAA.

For an SSH user, the user role also depends on the authentication method.
- If the authentication method is publickey or password-publickey, the user role is specified by the authorization-attribute command in the associated local user view.
- If the authentication method is password, the user role is authorized by AAA.

Examples
# Create an SSH user named user1. Specify the service type as sftp and the authentication method as password-publickey for the user. Assign the host public key key1 to the user.
<Sysname> system-view
[Sysname] ssh user user1 service-type sftp authentication-type password-publickey assign publickey key1
# Create a local device management user named user1. Specify the password as 123456TESTplat&! in plain text and the service type as ssh for the user. Assign the working directory flash: and the user role network-admin to the user.
[Sysname] local-user user1 class manage
[Sysname-luser-manage-user1] password simple 123456TESTplat&!
[Sysname-luser-manage-user1] service-type ssh
[Sysname-luser-manage-user1] authorization-attribute work-directory flash: user-role network-admin
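
The username-matching and authorization rules in the usage guidelines can be checked offline against a saved configuration. The following Python audit is an added example, not part of the HP manual: the configuration sample is constructed, and the assumed listing layout (view headers at column 0, view commands indented) and the issue labels are this example's own.

```python
import re

# Constructed sample; assumed layout: view headers at column 0, view commands indented.
SAMPLE_CONFIG = """\
local-user user1 class manage
 service-type ssh
 authorization-attribute work-directory flash: user-role network-admin
#
local-user user2 class manage
 service-type ssh
#
ssh user user1 service-type sftp authentication-type password-publickey assign publickey key1
ssh user user2 service-type scp authentication-type publickey assign publickey key2
ssh user user3 service-type stelnet authentication-type any assign publickey key3
ssh user user4 service-type sftp authentication-type password
"""

SSH_USER = re.compile(r"ssh user (\S+) service-type (\S+) authentication-type (\S+)")
LOCAL_USER = re.compile(r"local-user (\S+) class manage")

def parse(config):
    """Return ({ssh user: (service, auth)}, {local user: tokens set in its view})."""
    ssh_users, local_users, view = {}, {}, set()
    for line in config.splitlines():
        if line.startswith(" "):
            view.update(line.split())  # command inside the current view
        elif m := LOCAL_USER.match(line):
            view = local_users.setdefault(m.group(1), set())
        else:
            view = set()  # any other view: its commands are ignored
            if m := SSH_USER.match(line):
                ssh_users[m.group(1)] = (m.group(2), m.group(3))
    return ssh_users, local_users

def audit(config):
    """Return (user, issue) pairs that break the usage guidelines."""
    ssh_users, local_users = parse(config)
    findings = []
    for name, (service, auth) in ssh_users.items():
        if auth == "password":
            continue  # role and working directory are authorized by AAA
        if name not in local_users:  # password-publickey/any: fine only with a remote account
            findings.append((name, "no-local-user"))
        elif auth != "any":
            if "user-role" not in local_users[name]:
                findings.append((name, "no-user-role"))
            if service in ("sftp", "scp", "all") and "work-directory" not in local_users[name]:
                findings.append((name, "no-work-directory"))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports user2 (publickey authentication, but no user role or working directory in its local user view) and user3 (no local user with the same username).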
Related commands
authorization-attribute
display ssh user-information
local-user
pki domain