R3303-HP HSR6800 Routers Security Configuration Guide
313
• Compatibility between the SSH server and SSH1 clients.
• RSA server key pair update interval, applicable to users using SSH1 client.
• SSH user authentication timeout period. This parameter is used to reject a connection if the
authentication for the connection is not completed before the timeout period expires.
• Maximum number of SSH authentication attempts. This parameter is used to prevent malicious
password cracking.
• SFTP connection idle timeout period. Once the idle period of an SFTP connection exceeds the
specified threshold, the system automatically tears the connection down.
To set the SSH management parameters:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the SSH server to
support SSH1 clients.
ssh server compatible-ssh1x
enable
Optional.
By default, the SSH server supports
SSH1 clients.
3. Set the RSA server key pair
update interval.
ssh server rekey-interval hours
Optional.
By default, the interval is 0, and the
RSA server key pair is not updated.
4. Set the SSH user
authentication timeout period.
ssh server authentication-timeout
time-out-value
Optional.
60 seconds by default.
5. Set the maximum number of
SSH authentication attempts.
ssh server authentication-retries
times
Optional.
3 by default.
Authentication fails if the number of
authentication attempts (including
both publickey and password
authentication) exceeds the upper
limit.
6. Configure the SFTP
connection idle timeout
period.
sftp server idle-timeout
time-out-value
Optional.
10 minutes by default.
Configuring the device as an Stelnet client
This section describes how to configure the device as an Stelnet client.
Stelnet client configuration task list
Task Remarks
Specifying a source IP address or source interface for the Stelnet
client
Optional.
Enabling and disabling first-time authentication Optional.
Establishing a connection to an Stelnet server Required.