3Com Switch 8800 Advanced Software V5 Configuration Guide

942 CHAPTER 72: CONFIGURING SSH VERSION 2.0
To do...                      Use the command...             Remarks
Configure an authentication   ssh user username              Optional
mode for SSH users            authentication-type {          By default, the system
                              password | rsa |               specifies the authentication
                              password-publickey | all }     mode as "RSA".

CAUTION: If a user uses the RSA authentication mode, the user and the user's public key
must be configured on a switch. If a user uses the password authentication mode,
the account information can be configured on a switch or on a remote
authentication server (for example, a RADIUS authentication server).

Configuring Service Type for SSH Users

Follow these steps to configure the service type for SSH users:

To do...                      Use the command...             Remarks
Enter system view             system-view                    -
Specify a service type for a  ssh user username              Required
specific user                 service-type { stelnet |       By default, the service type is
                              sftp | all }                   stelnet.

CAUTION:
- stelnet (Secure Telnet) refers to the traditional SSH service. For details, refer to “SSH2.0 Overview” on page 935. For details about sftp (Secure FTP), refer to “SFTP Overview” on page 965.
- To log into the server through SFTP, you must set the service type to sftp or all.
- If the SFTP service is not used, you must set the service type to stelnet or all.
- SSH1 does not support the service type of sftp. If clients log into the server using SSH1, you must set the service type to stelnet or all on the server. Otherwise, clients cannot log into the server successfully.

Setting the SSH Management Parameters

SSH management includes:
- Enabling the SSH server to be compatible with SSH1
- Setting the server key pair update interval, applicable to users using an SSH1 client
- Setting the SSH user authentication timeout period
- Setting the maximum number of SSH authentication attempts

Setting these parameters helps prevent malicious guessing and cracking of keys and usernames, securing your SSH connections.

Follow these steps to set the SSH management parameters:

To do...                      Use the command...             Remarks
Enter system view             system-view                    -
Set the RSA server key pair   ssh server rekey-interval      Optional
update interval               hours                          0 by default, that is, the RSA
                                                             server key pair is not updated.
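
The service-type and rekey-interval rules above can be checked against a saved configuration. The script below is an added example, not part of the 3Com guide: it assumes the configuration text contains the commands exactly as typed, and the function names, the sample configuration and the lists of expected SFTP and SSH1 users are hypothetical.

```python
import re

# Defaults as stated in the tables on this page.
DEFAULTS = {"authentication-type": "rsa", "service-type": "stelnet"}
USER_RE = re.compile(r"^\s*ssh user (\S+) (authentication-type|service-type) (\S+)\s*$")
REKEY_RE = re.compile(r"^\s*ssh server rekey-interval (\d+)\s*$")

def parse(config_text):
    """Return ({user: effective settings}, rekey interval in hours)."""
    users, rekey_hours = {}, 0  # 0 = RSA server key pair is never updated
    for line in config_text.splitlines():
        m = USER_RE.match(line)
        if m:
            name, key, value = m.groups()
            users.setdefault(name, dict(DEFAULTS))[key] = value
        elif (m := REKEY_RE.match(line)):
            rekey_hours = int(m.group(1))
    return users, rekey_hours

def audit(config_text, sftp_users=(), ssh1_users=()):
    """sftp_users / ssh1_users: accounts expected to use SFTP / an SSH1 client."""
    users, rekey_hours = parse(config_text)
    findings = []
    for name in sorted(set(sftp_users) | set(ssh1_users)):
        if name not in users:
            findings.append(f"{name}: no 'ssh user' line found")
            continue
        service = users[name]["service-type"]
        if name in sftp_users and service not in ("sftp", "all"):
            findings.append(f"{name}: SFTP login needs service-type sftp or all, has {service}")
        if name in ssh1_users and service not in ("stelnet", "all"):
            findings.append(f"{name}: SSH1 login needs service-type stelnet or all, has {service}")
    if ssh1_users and rekey_hours == 0:
        findings.append("SSH1 clients in use but rekey-interval is 0: server key pair never updated")
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
ssh user alice authentication-type password
ssh user alice service-type sftp
ssh user bob authentication-type rsa
ssh user carol service-type all
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, sftp_users={"alice", "bob"}, ssh1_users={"alice", "carol"}):
        print(finding)
```
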