R0106-HP MSR Router Series Security Configuration Guide(V7)
Step | Command | Remarks
4. Return to system view. | peer-public-key end | N/A
Importing a client's host public key from the public key file
Step | Command
1. Enter system view. | system-view
2. Import a client's host public key from the public key file. | public-key peer keyname import sshkey filename
Configuring an SSH user
To configure an SSH user that uses publickey authentication, perform the procedure in this section.
If the authentication method is publickey, you must create an SSH user and a local user on the server. The
local user must have the same username as the SSH user, so that the SSH user can be assigned the
correct working directory and user role.
If the authentication method is password-publickey or any, you must create an SSH user and perform
one of the following tasks:
• For local authentication, configure a local user by using the local-user command.
• For remote authentication, configure an SSH user on a remote authentication server, for example, a
RADIUS server.
In either case, the local user or the SSH user configured on the remote authentication server must have the
same username as the SSH user.
If the authentication method is password, you do not need to create an SSH user or local user. However,
if you want to display all SSH users, including the password-only SSH users, for centralized management,
you can use this command to create them. If such an SSH user has been created, make sure you have
specified the correct service type and authentication method.
For information about configuring local users and remote authentication, see "Configuring AAA."
Configuration restrictions and guidelines
When you configure an SSH user, follow these restrictions and guidelines:
• An SSH server supports up to 1024 SSH users.
• For an SFTP or SCP user, the working directory depends on the authentication method:
  ○ If the authentication method is password, the working directory is authorized by AAA.
  ○ If the authentication method is publickey or password-publickey, the working folder is specified
    by the authorization-attribute command in the associated local user view.
• For an SSH user, the user role also depends on the authentication method:
  ○ If the authentication method is password, the user role is authorized by the remote AAA server
    or the local device.
  ○ If the authentication method is publickey or password-publickey, the user role is specified by
    the authorization-attribute command in the associated local user view.
• If you change the authentication method or public key for a logged-in SSH user, the change takes
effect on the user only at the next login.
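The username-matching and authorization-attribute rules above can be checked against a saved configuration. The following audit script is an added example, not part of the HP guide. It assumes the layout of Comware 7 "display current-configuration" output, including the ssh user, local-user ... class manage and service-type ssh lines; all usernames and key names in the sample are constructed.

```python
import re

# Constructed sample in the style of Comware 7 "display current-configuration"
# output (assumed format; user and key names are made up).
SAMPLE_CONFIG = """\
local-user alice class manage
 service-type ssh
 authorization-attribute user-role network-admin
#
local-user bob class manage
 service-type ssh
 authorization-attribute user-role network-operator
#
ssh user alice service-type stelnet authentication-type publickey assign publickey alicekey
ssh user bob service-type sftp authentication-type password-publickey assign publickey bobkey
ssh user carol service-type stelnet authentication-type publickey assign publickey carolkey
ssh user dave service-type stelnet authentication-type password
"""
SSH_USER = re.compile(r"^ssh user (\S+) service-type (\S+) authentication-type (\S+)")

def parse_local_users(config):
    """Map each local user name to the indented lines of its local user view."""
    users, current = {}, None
    for line in config.splitlines():
        if line.startswith("local-user "):
            current = users.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "#" or another top-level line closes the view
    return users

def audit_ssh_users(config):
    """Return (username, problem) pairs for SSH users that break the rules above."""
    local, findings = parse_local_users(config), []
    for m in filter(None, map(SSH_USER.match, config.splitlines())):
        name, service, auth = m.groups()
        if auth not in ("publickey", "password-publickey"):
            continue  # password is authorized by AAA; "any" is outside the stated rules
        attrs = [a for a in local.get(name, []) if a.startswith("authorization-attribute")]
        if name not in local:
            if auth == "publickey":  # password-publickey may use a remote AAA user
                findings.append((name, "no local user with the same username"))
        elif not any("user-role" in a for a in attrs):
            findings.append((name, "no explicit user-role"))
        elif service in ("sftp", "scp", "all") and not any("work-directory" in a for a in attrs):
            findings.append((name, "no explicit work-directory"))
    return findings
```

On the sample, audit_ssh_users(SAMPLE_CONFIG) reports bob (SFTP user without an explicit working directory) and carol (publickey user without a same-named local user).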