R3166-R3206-HP High-End Firewalls Getting Started Guide-6PW101
34
To do… Use the command…
Remarks
Create an SSH user, and specify
the authentication mode for the
SSH user
ssh user username service-type
stelnet authentication-type
{ password | { any |
password-publickey | publickey }
assign publickey keyname }
Required
By default, no SSH user exists, and
no authentication mode is
specified.
Configure common settings for VTY
user interfaces
—
Optional
See “Configuring common settings
for VTY user interfaces (optional).”
NOTE:
This chapter describes how to configure an SSH client by using password authentication. For more
information about SSH and how to configure an SSH client by using publickey, see
System Mana
g
emen
t
and Maintenance Configuration Guide
.
After you enable command authorization or command accounting, you need to perform the following
configuration to make the function take effect:
• Create a HWTACACS scheme, and specify the IP address of the authorization server and other
authorization parameters.
• Reference the created HWTACACS scheme in the ISP domain.
When users adopt the scheme mode to log in to the device, the level of the commands that the users can
access depends on the user privilege level defined in the AAA scheme.
• When the AAA scheme is local, the user privilege level is defined by the authorization-attribute
level level command.
• When the AAA scheme is RADIUS or HWTACACS, the user privilege level is configured on the
RADIUS or HWTACACS server.
Configuring the SSH client to log in to the SSH server
Configuration prerequisites
You have logged in to the device.
By default, you can log in to the device through the console port without authentication and have user
privilege level 3 after login. For information about logging in to the device with the default configuration,
see “Configuration requirements.”
Figure 23 Log in to another device from the current device
NOTE:
If the SSH client and the SSH server are not in the same subnet, make sure that the two devices can reach
each other.