3Com Switch 4200G Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

321

322

323

324

325

326

327

328

329

330

SSH Terminal Services 313

Configuring authentication type

New users must specify authentication type. Otherwise, they cannot access the

switch.

CAUTION:

■ If RSA authentication type is defined, then the RSA public key of the client user

must be configured on the switch.

■ By default, no authentication type is specified for a new user, so they cannot

access the switch.

■ For the password-publickey authentication type: SSHv1 client users can access

the switch as long as they pass one of the two authentications. SSHv2 client users

can access the switch only when they pass both the authentications.

Configuring server SSH attributes

Configuring server SSH authentication timeout time and retry times can effectively

assure security of SSH connections and avoid illegal actions.

Configuring client public keys

You can configure RSA public keys for client users on the switch and specify RSA

private keys, which correspond to the public keys, on the client. Then client keys are

generated randomly by the SSH2.0 client software. This operation is not required for

password authentication type.

Table 266 Configure authentication type

Operation Command Remarks

Enter system view system-view -

Configure authentication type for

SSH users

ssh user username

authentication-type { password |

password-publickey | rsa| all }

Required

Table 267 Configure server SSH attributes

Operation Command Remarks

Enter system view system-view -

Set SSH authentication

timeout time

ssh server timeout seconds Optional

The timeout time defaults to

60 seconds.

Set SSH authentication retry

times

ssh server

authentication-retries times

Optional

The retry times defaults to 3.

Table 268 Configure client public keys

Operation Command Remarks

Enter system view system-view -

Enter public key view rsa peer-public-key

key-name

Required

Enter public key edit view public-key-code begin You can key in a blank space

between characters, since the

system can remove the blank

space automatically. But the

public key should be

composed of hexadecimal

characters.

Return to public key view from

public key edit view

public-key-code end The system saves public key

data when exiting from public

key edit view