R2511-HP MSR Router Series Security Configuration Guide(V5)

Step: 2. Create an SSH user, and specify the service type and authentication method.
Command:
  In non-FIPS mode, create an SSH user, and specify the service type and authentication method for Stelnet users:
    ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign { pki-domain pkiname | publickey keyname } }
  In FIPS mode, create an SSH user, and specify the service type and authentication method for Stelnet users:
    ssh user username service-type stelnet authentication-type { password | password-publickey assign publickey keyname }
  In non-FIPS mode, create an SSH user, and specify the service type and authentication method for all users, SCP or SFTP users:
    ssh user username service-type { all | scp | sftp } authentication-type { password | { any | password-publickey | publickey } assign { pki-domain pkiname | publickey keyname } work-directory directory-name }
  In FIPS mode, create an SSH user, and specify the service type and authentication method for all users, SCP or SFTP users:
    ssh user username service-type { all | sftp } authentication-type { password | password-publickey assign publickey keyname work-directory directory-name }
Remarks: Use one of the commands.

Setting the SSH management parameters
The SSH management parameters can be set to improve the security of SSH connections. The SSH
management parameters include:
- Compatibility between the SSH server and SSH1 clients.
- RSA server key pair update interval, applicable to users using SSH1 client.
- SSH user authentication timeout period. This parameter is used to reject a connection if the authentication for the connection is not completed before the timeout period expires.
- Maximum number of SSH authentication attempts. This parameter is used to prevent malicious password cracking.
- SFTP connection idle timeout period. Once the idle period of an SFTP connection exceeds the specified threshold, the system automatically tears the connection down.
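
Added example (not part of the HP guide): a Python check that reads saved configuration text and reports SSH users whose authentication-type is password or any, and whether SSH1 client support is still at the default of enabled that this guide states. The sample configuration, user names and key names are constructed, and the undo form used to recognize that SSH1 support was turned off is an assumption.

```python
import re

# Constructed sample of saved configuration lines (not from a real device).
SAMPLE_CONFIG = """\
ssh user admin01 service-type stelnet authentication-type password
ssh user backup01 service-type sftp authentication-type password-publickey assign publickey key01 work-directory flash:/
ssh user ops01 service-type all authentication-type any assign publickey key02 work-directory flash:/
"""

# Assumption: SSH1 compatibility is disabled with the undo form of the command.
SSH1_OFF = "undo ssh server compatible-ssh1x"

# Matches the "ssh user" syntax shown in the table above.
SSH_USER = re.compile(
    r"^\s*ssh user (?P<user>\S+) service-type (?:all|scp|sftp|stelnet)"
    r" authentication-type (?P<auth>\S+)"
)


def audit(config_text):
    """Return (subject, finding) tuples in config order, server finding last."""
    findings = []
    ssh1_disabled = False
    for line in config_text.splitlines():
        if line.strip() == SSH1_OFF:
            ssh1_disabled = True
            continue
        m = SSH_USER.match(line)
        if not m:
            continue
        auth = m.group("auth")
        if auth == "password":
            # Only a password stands between a guesser and the account.
            findings.append((m.group("user"), "password-only authentication"))
        elif auth == "any":
            # "any" accepts either method, so a password alone is enough.
            findings.append((m.group("user"), "any: password alone is accepted"))
    if not ssh1_disabled:
        # The guide states that SSH1 clients are supported by default.
        findings.append(("server", "SSH1 clients supported (default)"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```
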
To set the SSH management parameters:
Step: 1. Enter system view.
Command: system-view
Remarks: N/A

Step: 2. Enable the SSH server to support SSH1 clients.
Command: ssh server compatible-ssh1x enable
Remarks: Optional. By default, the SSH server supports SSH1 clients.