If publickey authentication is used, either with or without password authentication, the working
folder is set by using the ssh user command.
If you change the authentication mode or public key for an SSH user that has been logged in, the
•
change can take effect only at the next login of the user.
In FIPS mode, the SSH server does not support any authentication and publickey authentication.
•
Configuration procedure
To configure an SSH user and specify the service type and authentication method:
Step
1.
Enter system
view.
2.
Create an SSH
user, and
specify the
service type
and
authentication
method.
Setting the SSH management parameters
SSH management includes:
Enabling the SSH server to be compatible with SSH1 client
•
•
Setting the RSA server key pair update interval, applicable to users using SSH1 client
Setting the SSH user authentication timeout period
•
Setting the maximum number of SSH authentication attempts
•
Setting these parameters can help avoid malicious guessing at and cracking of the keys and usernames,
securing your SSH connections.
IMPORTANT:
Authentication fails if the number of authentication attempts (including both publickey and password
authentication) exceeds that specified in the ssh server authentication-retries command.
To set the SSH management parameters:
Command
system-view
•
For Stelnet users:
In non-FIPS mode:
ssh user username service-type stelnet authentication-type
{ password | { any | password-publickey | publickey } assign
publickey keyname }
In FIPS mode:
ssh user username service-type stelnet authentication-type
{ password | password-publickey assign publickey keyname }
•
For all users, SCP or SFTP users:
In non-FIPS mode:
ssh user username service-type { all | scp | sftp }
authentication-type { password | { any | password-publickey |
publickey } assign publickey keyname work-directory
directory-name }
In FIPS mode:
ssh user username service-type { all | scp | sftp }
authentication-type { password | password-publickey assign
publickey keyname work-directory directory-name }
321
Remarks
N/A
Use one of
the
commands
.