Logging In Through Ssh; Configuring Command Authorization - 3Com 4500G Family Configuration Manual
24/48 port
Hide thumbs
Also See for 4500G Family:
- Getting started manual (92 pages) ,
- Datasheet (8 pages) ,
- Product manual (15 pages)
Table of Contents
Advertisement
# Configure Telnet protocol is supported.
[Sysname-ui-vty0] protocol inbound telnet
# Set the maximum number of lines the screen can contain to 30.
[Sysname-ui-vty0] screen-length 30
# Set the maximum number of commands the history command buffer can store to 20.
[Sysname-ui-vty0] history-command max-size 20
# Set the timeout time to 6 minutes.
[Sysname-ui-vty0] idle-timeout 6
Configure the authentication scheme
Configure the authentication server by referring to related parts in AAA Configuration.
Logging In Through SSH
Secure Shell (SSH) offers an approach to logging into a remote device securely. With encryption and
strong authentication, it protects devices against attacks such as IP spoofing and plain text password
interception. For the security features provided by SSH, see SSH Configuration in the Security Volume.
Configuring Command Authorization
By default, command level for a login user depends on the user level. The user is authorized the
command with the default level not higher than the user level. With the command authorization
configured, the command level for a login user is decided by both the user level and AAA authorization.
If a user executes a command of the corresponding user level, the authorization server checks whether
the command is authorized. If yes, the command can be executed.
The authorization server checks the commands authorized for users through the username, and thus
the command authorization configuration involves four steps:
1)
Configure the authentication mode as scheme (that is, use username and password are required
for authentication) when users log in.
2)
Enable command authorization. See the following table for details.
3)
Configure a HWTACACS scheme. Specify the IP addresses of the HWTACACS authorization
servers and other related parameters.
4)
Configure the ISP domain to use the HWTACACS scheme for command line users. For details,
refer to the section Configuring AAA Authorization Methods for an ISP Domain of AAA
Configuration in the Security Volume.
Follow these steps to enable command authorization:
To do...
Enter system view
Enter AUX user interface view
Enable command authorization
Use the command...
system-view
user-interface vty first-number
[ last-number ]
command authorization
3-10
Remarks
—
—
Required
Disabled by default, that is,
users can execute commands
without authorization.
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
