H3C S5120-HI Security Configuration Manual page 275

Configuration guidelines
When you perform the procedure in this section to configure an SSH user, follow these guidelines:
You can set the service type to Stelnet, SFTP, and SCP (Secure copy). For more information about Stelnet,
see "Overview." For more information about SFTP, see
SCP, see "Configuring
You can enable one of the following authentication modes for the SSH user:
•
Password—The user must pass password authentication.
Publickey authentication—The user must pass publickey authentication.
Password-publickey authentication—As an SSH2.0 user, the user must pass both password and
publickey authentication. As an SSH1 user, the user must pass either password or publickey
authentication.
Any—The user can use either password authentication or publickey authentication.
If only publickey authentication is used, the command level accessible to the user is set by the user
•
privilege level command on the user interface. If password authentication is used, either with or
without publickey authentication, the command level accessible to the user is authorized by AAA.
• SSH1 does not support SCP and SFTP. For an SSH1 client, you must set the service type to stelnet
or all.
For an SCP or SFTP user, the working folder depends on the authentication method:
•
If only password authentication is used, the working folder is authorized by AAA.
If publickey authentication is used, either with or without password authentication, the working
folder is set by using the ssh user command.
If you change the authentication mode or public key for an SSH user that has been logged in, the
•
change can take effect only at the next login of the user.
In FIPS mode, the SSH server does not support any authentication and publickey authentication.
•
Configuration procedure
To configure an SSH user and specify the service type and authentication method:
Step
1. Enter system
view.
SCP."
Command
system-view
258
"Configuring SFTP." For more information about
Remarks
N/A