R3721-F3210-F3171-HP High-End Firewalls Getting Started Guide-6PW101
30
Configuring the SSH server on the device
Follow these guidelines when you configure the SSH server:
• To make the command authorization or command accounting function take effect, apply an
HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the
authorization server and other authorization parameters. For more information, see Access Control
Configuration Guide.
• If the local authentication scheme is used, use the authorization-attribute level level command in
local user view to set the user privilege level on the device.
• If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the
RADIUS or HWTACACS server.
The SSH client authentication method is password in this configuration procedure. For more information
about SSH and publickey authentication, see System Management and Maintenance Configuration
Guide.
To configure the SSH server on the device:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create local key pair(s).
public-key local create { dsa | rsa }
By default, no local key pair(s) are
created.
3. Enable SSH server.
ssh server enable By default, SSH server is disabled.
4. Exit to system view.
quit N/A
5. Enter one or more VTY user
interface views.
user-interface vty first-number
[ last-number ]
N/A
6. Specify the scheme
authentication mode.
authentication-mode scheme
By default, authentication mode for
VTY user interfaces is password.
7. Enable the current user
interface to support either
Telnet, SSH, or both of them.
protocol inbound { all | ssh }
Optional.
By default, both protocols are
supported.