H3C S5600 Series Operation Manual page 920

For remote authentication, the user information is saved on an authentication server (such as a
RADIUS server) and authentication is implemented through the cooperation of the SSH server and the
authentication server. For AAA details, refer to AAA Operation.
Publickey authentication
Publickey authentication provides more secure SSH connections than password authentication does.
At present, the device supports RSA and DSA for publickey authentication. After configuration,
authentication is implemented automatically without asking you to enter the password. In this mode,
you need to create a key pair on each client, and configure each client's public key on the server. This
may be complicated when multiple SSH clients want to access one SSH server in the network.
Password-publickey authentication
An SSH user must pass both types of authentication before logging in. In this mode, you do not need to
create a key pair on each client. You can configure the clients to use the same key pair that is created
on one client for publickey authentication. With the AAA function in password authentication, the level
of commands available to a logged-in SSH user is determined by the AAA scheme..
Follow these steps to configure an SSH user and specify an authentication type for the user:
To do...
Enter system view
Specify the default authentication
type for all SSH users
Create an SSH user, and
specify an authentication type
for it
Use the command...
system-view
ssh authentication-type default
{ all | password |
password-publickey |
publickey }
ssh user username
ssh user username
authentication-type { all |
password | password-publickey
| publickey }
1-10
Remarks
—
Use either command.
By default, no SSH user is
created and no authentication
type is specified.
Note that: If both commands
are used and different
authentication types are
specified, the authentication
type specified with the ssh
user authentication-type
command takes precedence.