Huawei Quidway S3900 Series Operation Manual page 826

Operation Manual - SSH Terminal Services
Quidway S3900 Series Ethernet Switches-Release 1510
Caution:
If RSA authentication type is defined, then the RSA public key of the client user must
be configured on the switch.
By default, no authentication type is specified for a new user, so they cannot access
the switch.
For the password-publickey authentication type: SSHv1 client users can access
the switch as long as they pass one of the two authentications. SSHv2 client users
can access the switch only when they pass both the authentications.
For the password authentication, username should be consistent with the effective
user name defined in AAA; for the RSA authentication, username is the SSH local
user name, so that there is no need to configure a local user in AAA.
IV. Configuring server SSH attributes
Configuring server SSH authentication timeout time, retry times, server keys update
interval and SSH compatible mode can effectively assure security of SSH connections
by avoiding illegal actions such as malicious password guessing.
Table 1-5 Configure server SSH attributes
Operation
Enter system view
Set
authentication
timeout time
Set
authentication retry
times
Set server
update interval
Set SSH
compatible
SSHv1.x client
Command
system-view
SSH
ssh server timeout seconds
SSH
ssh server authentication-retries
times
keys
ssh server rekey-interval
server
ssh server
with
enable
Huawei Technologies Proprietary
1-7
Chapter 1 SSH Terminal Services
compatible-ssh1x
Description
—
Optional
The timeout time
defaults to 60
seconds.
Optional
The retry times
defaults to 3.
Optional
By default, the
system does not
update server keys.
Optional
By default, SSH
server is compatible
with SSHv1.x client.