R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
To do…: Create an SSH user, and specify the service type and authentication mode
Use the command…:
  For Stelnet users:
    ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign publickey keyname }
  For all users or SFTP users:
    ssh user username service-type { all | sftp } authentication-type { password | { any | password-publickey | publickey } assign publickey keyname work-directory directory-name }
Remarks: Required. Use either command.
NOTE:
• A user without an SSH account can still pass password authentication and log into the server through
Stelnet or SFTP, as long as the user can pass AAA authentication and the service type is SSH.
• An SSH server supports up to 1024 SSH users.
• The service type of an SSH user can be Stelnet (Secure Telnet) or SFTP (Secure FTP). For information
about Stelnet, see “SSH2.0 overview.” For information about SFTP, see “SFTP overview.”
• For successful login through SFTP, you must set the user service type to sftp or all.
• As SSH1 does not support service type sftp, if the client uses SSH1 to log into the server, you must set the
service type to stelnet or all on the server. Otherwise, the client will fail to log in.
• The working folder of an SFTP user is subject to the user authentication method. For a user using only
password authentication, the working folder is the AAA authorized one. For a user using only publickey
authentication or using both the publickey and password authentication methods, the working folder is
the one set by using the ssh user command.
• The configured authentication method takes effect only for users logging in after the configuration.
NOTE:
For users using publickey authentication:
• You must configure on the device (switch or router) the corresponding username and public keys.
• After login, the commands available for a user are determined by the user privilege level, which is
configured with the user privilege level command on the user interface.
For users using password authentication:
• You can configure the accounting information either on the device (switch or router) or on the remote
authentication server (such as RADIUS authentication server).
• After login, the commands available to a user are determined by AAA authorization.
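The service-type and working-folder rules from the first NOTE above, written as a configuration check. This is an added example, not code from the HP guide: the usernames, key names and flash:/ paths in the sample are constructed, and treating work-directory as mandatory for non-password all/sftp users is an assumption read from the command syntax as printed.

```python
import re

MAX_SSH_USERS = 1024  # limit stated in the NOTE
# Grammar as printed in the command table; anything else is rejected.
SSH_USER = re.compile(
    r"^ssh user (?P<user>\S+) service-type (?P<svc>stelnet|all|sftp) "
    r"authentication-type (?P<auth>password-publickey|password|publickey|any)"
    r"(?: assign publickey (?P<key>\S+))?(?: work-directory (?P<dir>\S+))?$"
)

def analyze(line):
    """Derive the login behaviour the NOTE implies for one 'ssh user' line."""
    m = SSH_USER.match(line.strip())
    if not m:
        raise ValueError(f"not an ssh user command: {line!r}")
    svc, auth, key, wdir = m["svc"], m["auth"], m["key"], m["dir"]
    if auth == "password":
        if key or wdir:
            raise ValueError("password takes no publickey or work-directory")
    elif not key:
        raise ValueError(f"{auth} requires 'assign publickey keyname'")
    elif (svc != "stelnet") != bool(wdir):
        raise ValueError("work-directory: required for all/sftp, invalid for stelnet")
    sftp_ok = svc in ("sftp", "all")
    if not sftp_ok:
        folder = None                      # no SFTP login, so no working folder
    elif auth == "password":
        folder = "AAA-authorized"
    elif auth == "any":
        folder = "unspecified"             # the NOTE does not cover 'any'
    else:
        folder = wdir                      # publickey or password-publickey
    return {"user": m["user"], "sftp_login": sftp_ok,
            "ssh1_login": svc in ("stelnet", "all"), "sftp_folder": folder}

def audit(config_text):
    """Analyze every 'ssh user' line in a configuration dump."""
    rows = [analyze(l) for l in config_text.splitlines()
            if l.strip().startswith("ssh user ")]
    if len(rows) > MAX_SSH_USERS:
        raise ValueError("more SSH users than the server supports")
    return rows

# Constructed sample configuration (usernames, key names and paths are made up).
SAMPLE = """\
ssh user alice service-type stelnet authentication-type password
ssh user bob service-type sftp authentication-type publickey assign publickey bobkey work-directory flash:/bob
ssh user carol service-type all authentication-type password-publickey assign publickey carolkey work-directory flash:/carol
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

In the sample, bob cannot log in from an SSH1 client because his service type is sftp only, and alice cannot use SFTP because hers is stelnet only.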
Setting the SSH management parameters
SSH management includes:
• Enabling the SSH server to be compatible with SSH1 clients
• Setting the server key pair update interval, applicable to users using SSH1 clients
• Setting the SSH user authentication timeout period
• Setting the maximum number of SSH authentication attempts
Setting these parameters helps prevent malicious guessing and cracking of keys and usernames,
securing your SSH connections.
Follow these steps to set the SSH management parameters: