F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices System Management and Maintenance Configuration Guide-6PW100
• If publickey authentication, whether with password authentication or not, is used, the command level accessible to the user is set by the user privilege level command on the user interface. If only password authentication is used, the command level accessible to the user is authorized by AAA.
• SSH1 does not support SFTP or SCP. For an SSH1 client, you must set the service type to stelnet or all.
• For an SFTP SSH user, the working folder depends on the authentication method:
  ◦ If only password authentication is used, the working folder is authorized by AAA.
  ◦ If publickey authentication, whether with password authentication or not, is used, the working folder is set by using the ssh user command.
• If you change the authentication mode or public key for an SSH user that has logged in, the change takes effect only at the next login of the user.
To configure an SSH user and specify the service type and authentication method:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Create an SSH user, and specify the service type and authentication method.
  Command:
  • Create an SSH user, and specify the service type and authentication method for Stelnet users:
    ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign { pki-domain pkiname | publickey keyname } }
  • Create an SSH user, and specify the service type and authentication method for all users, SCP or SFTP users:
    ssh user username service-type { all | scp | sftp } authentication-type { password | { any | password-publickey | publickey } assign { pki-domain pkiname | publickey keyname } work-directory directory-name }
  Remarks: Use either command.
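The authorization rules listed before this procedure can be checked against a saved configuration. The following Python sketch is an added example, not part of the HP guide: it parses ssh user lines written in the syntax shown above and reports where each user's command level and SFTP working folder are authorized, and whether the service type can be used from an SSH1 client. The function names, usernames, key names, PKI domain and directories are constructed for illustration.

```python
# Added example: audit "ssh user" lines against the authorization rules above.
# Usernames, key names, PKI domain and directories in SAMPLE are constructed.
SAMPLE = """\
ssh user alice service-type stelnet authentication-type password
ssh user bob service-type sftp authentication-type publickey assign publickey bobkey work-directory flash:/bob
ssh user carol service-type all authentication-type any assign publickey carolkey work-directory flash:/
ssh user dave service-type scp authentication-type password-publickey assign pki-domain dom1 work-directory flash:/dave
"""
SERVICES = {"stelnet", "all", "scp", "sftp"}
AUTH_TYPES = {"password", "any", "password-publickey", "publickey"}

def audit_ssh_user(line):
    """Parse one 'ssh user' line and report where its authorization comes from."""
    tok = line.split()
    if (len(tok) < 7 or tok[:2] != ["ssh", "user"]
            or tok[3] != "service-type" or tok[5] != "authentication-type"):
        raise ValueError("not an ssh user command: " + line)
    user, service, auth, rest = tok[2], tok[4], tok[6], tok[7:]
    if service not in SERVICES or auth not in AUTH_TYPES:
        raise ValueError("unknown service or authentication type: " + line)
    if auth == "password":
        source = ("AAA", "AAA")
    elif auth == "any":
        # Assumption: "any" accepts either method, so the login method decides.
        source = ("depends on login method",) * 2
    else:  # publickey, with or without password
        source = ("user interface privilege level", "ssh user command")
    workdir = None
    if "work-directory" in rest[:-1]:
        workdir = rest[rest.index("work-directory") + 1]
    return {
        "user": user, "service": service, "auth": auth,
        "command_level_source": source[0],
        # The working-folder rule is stated for SFTP users only.
        "sftp_folder_source": source[1] if service in ("sftp", "all") else None,
        "work_directory": workdir,
        # SSH1 has no SFTP/SCP: SSH1 clients need stelnet or all.
        "ssh1_client_ok": service in ("stelnet", "all"),
    }

def audit_config(text):
    """Audit every 'ssh user' line found in a configuration dump."""
    return [audit_ssh_user(l) for l in text.splitlines()
            if l.strip().startswith("ssh user ")]

if __name__ == "__main__":
    for row in audit_config(SAMPLE):
        print(row)
```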
Setting the SSH management parameters
The SSH management parameters can be set to improve the security of SSH connections. The SSH
management parameters include:
• Compatibility between the SSH server and SSH1 clients.
• RSA server key pair update interval, applicable to users who use an SSH1 client.
• SSH user authentication timeout period. This parameter is used to reject a connection if the
authentication for the connection is not completed before the timeout period expires.
• Maximum number of SSH authentication attempts. This parameter is used to prevent malicious
password cracking.
• SFTP connection idle timeout period. Once the idle period of an SFTP connection exceeds the
specified threshold, the system automatically tears the connection down.
To set the SSH management parameters:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A