Configuring Ssh Terminal Service - H3C SecPath F1800-A Operation Manual

Operation Manual - Getting Started
H3C SecPath F1800-A Firewall

2.7.4 Configuring SSH Terminal Service

I. SSH Overview
After establishing local or remote SSH channel, you can set SSH terminal service
parameters to ensure a secure configuration environment. SSH Client is used to
connect SSH connection with the SecPath F1800-A and the UNIX host supporting
SSH Server. The SecPath F1800-A can connect multiple SSH Clients.
To implement SSH authentication connection, SSH Server and Client need to go
through the following five stages:
Version number negotiation
Key algorithm negotiation
Authentication mode negotiation
Session request
Session interaction
II. SSH Configuration
SSH configuration involves:
Configuring protocols supported by user interface
Creating or deleting local RSA key pair
Configuring SSH user authentication mode
Configuring update time of server key
Configuring SSH authentication timeout
Configuring SSH authentication retries
Entering RSA public key view
Entering RSA public key edition view and editing key
Configuring RSA public key for an SSH user
1) Configuring protocols supported by user interface
By default, the protocols supported by user interface are Telnet and SSH. If SSH is
enabled but RSA key is not configured, you can still not log on through SSH. The
configuration will take effect when you log on the next time.
If SSH is configured in the user interface, to successfully log in, you must use the
authentication-mode command to configure the authentication mode as local or
scheme default (AAA authentication). If the authentication mode is configured as
password or none, the configuration through the protocol inbound ssh command
will fail (and vice versa).
Do as follows in VTY user interface view.
Chapter 2 Basic SecPath F1800-A Configuration
1-65