Creating An Ssh User And Specifying An Authentication Type - 3Com 5500-EI PWR Install Manual

Creating an SSH User and Specifying an Authentication Type

This task is to create an SSH user and specify an authentication type. Specifying an authentication type
for a new user is a must to get the user login.
An SSH user is represented as a set of user attributes on the SSH server. This set is uniquely identified
with the SSH username. When a user logs in to the SSH server from the SSH client, a username is
required so that the server can looks up the database for matching the username. If a match is found, it
authenticates the user using the authentication mode specified in the attribute set. If not, it tears down
the connection.
To prevent illegal users from logging in to the device, SSH supports the authentication modes of
password, publickey, and password-publickey.
Password authentication
SSH uses the authentication function of AAA to authenticate the password of the user that is logging in.
Based on the AAA authentication scheme, password authentication can be done locally or remotely.
For local authentication, the SSH server saves the user information and implements the authentication.
For remote authentication, the user information is saved on an authentication server (such as a
RADIUS server) and authentication is implemented through the cooperation of the SSH server and the
authentication server. For AAA details, refer to AAA Operation.
Publickey authentication
Publickey authentication provides more secure SSH connections than password authentication does.
At present, the device supports RSA and DSA for publickey authentication. After configuration,
authentication is implemented automatically without asking you to enter the password. In this mode,
you need to create a key pair on each client, and configure each client's public key on the server. This
may be complicated when multiple SSH clients want to access one SSH server in the network.
Password-publickey authentication
An SSH user must pass both types of authentication before logging in. In this mode, you do not need to
create a key pair on each client. You can configure the clients to use the same key pair that is created
on one client for publickey authentication. With the AAA function in password authentication, the level
of commands available to a logged-in SSH user is determined by the AAA scheme..
Follow these steps to configure an SSH user and specify an authentication type for the user:
To do...
Enter system view
Specify
authentication type for all SSH
users
Destroy the DSA
key pair
system-view
ssh authentication-type default
{ all | password |
the default
password-publickey |
publickey }
ssh user username
public-key local destroy dsa
Use the command...
1-10
Remarks
—
Use either command.
By default, no SSH user is
created and no authentication
type is specified.
Note that: If both commands