R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101

• For successful login through SFTP, you must set the user service type to sftp or all.
• SSH1 does not support the service type sftp. If the client uses SSH1 to log in to the server, you must set the service type to stelnet or all.
• For an SFTP SSH user, the working folder depends on the authentication method:
  ○ If only password authentication is used, the working folder is authorized by AAA.
  ○ If publickey authentication, whether with password authentication or not, is used, the working folder is set by using the ssh user command.
• If you change the authentication method and public key of an SSH user that has been logged in, your changes take effect only at the next login of the user.
Configuration procedure
To configure an SSH user and specify the service type as Stelnet:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create an SSH user, and specify the service type as Stelnet.
  Command:
    In non-FIPS mode:
      ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign publickey keyname }
    In FIPS mode:
      ssh user username service-type stelnet authentication-type { password | password-publickey assign publickey keyname }
  Remarks: Use either command.
To configure an SSH user and specify the service type as all or SFTP:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create an SSH user, and specify the service type as all or SFTP.
  Command:
    In non-FIPS mode:
      ssh user username service-type { all | sftp } authentication-type { password | { any | password-publickey | publickey } assign publickey keyname work-directory directory-name }
    In FIPS mode:
      ssh user username service-type { all | sftp } authentication-type { password | password-publickey assign publickey keyname work-directory directory-name }
  Remarks: Use either command.
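
The following checker is an added example, not part of the HP guide: it reads ssh user lines from a saved configuration and reports the ones that the command syntax above would not accept, optionally applying the narrower FIPS-mode set of authentication types. It assumes the saved lines have the same form as the commands shown above; the usernames, key names and the flash:/ directory in the sample are constructed.

```python
import re

# Sets derived from the command syntax shown on this page.
FIPS_AUTH = {"password", "password-publickey"}
NEEDS_KEY = {"any", "password-publickey", "publickey"}

LINE_RE = re.compile(
    r"ssh user (?P<user>\S+) service-type (?P<svc>stelnet|sftp|all) "
    r"authentication-type (?P<auth>password-publickey|password|publickey|any)"
    r"(?: assign publickey (?P<key>\S+))?(?: work-directory (?P<dir>\S+))?"
)

def check_ssh_users(config_text, fips=True):
    """Return (username, finding) pairs for 'ssh user' lines that break the syntax."""
    findings = []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())        # collapse indentation and repeated spaces
        if not line.startswith("ssh user "):
            continue
        m = LINE_RE.fullmatch(line)
        if m is None:
            findings.append((line, "does not match the documented syntax"))
            continue
        user, svc, auth = m["user"], m["svc"], m["auth"]
        if fips and auth not in FIPS_AUTH:
            findings.append((user, f"authentication-type {auth} is not offered in FIPS mode"))
        if auth in NEEDS_KEY and m["key"] is None:
            findings.append((user, f"authentication-type {auth} requires 'assign publickey'"))
        if svc == "stelnet" and m["dir"] is not None:
            findings.append((user, "work-directory applies only to service-type sftp or all"))
    return findings

# Constructed sample lines (usernames, key names and flash:/ are made up).
SAMPLE = """\
ssh user admin1 service-type stelnet authentication-type password-publickey assign publickey key1
ssh user backup service-type sftp authentication-type publickey assign publickey key2 work-directory flash:/
ssh user ops service-type all authentication-type any assign publickey key3 work-directory flash:/
ssh user audit service-type stelnet authentication-type password-publickey
ssh user guest service-type sftp authentication-type password
"""

if __name__ == "__main__":
    for user, finding in check_ssh_users(SAMPLE, fips=True):
        print(f"{user}: {finding}")
```

Call check_ssh_users with fips=False to validate against the non-FIPS syntax only.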
Setting the SSH management parameters
SSH management includes:
• Enabling the SSH server to be compatible with SSH1 clients
• Setting the RSA server key pair update interval, applicable to users using an SSH1 client
• Setting the SSH user authentication timeout period
• Setting the maximum number of SSH authentication attempts
Setting these parameters can help avoid malicious guessing at and cracking of the keys and
usernames, securing your SSH connections.