SSH Terminal Services 203
Configuring authentication type
New users must specify authentication type. Otherwise, they cannot access the
switch.
If RSA authentication type is defined, then the RSA public key of the client user must
be configured on the switch.
By default, no authentication type is specified for a new user, so they cannot access
the switch.
If you specify the password-publickey keyword when execute the ssh user
username authentication-type command, users using SSHv1 can log onto a switch
if they pass one of the authentications, whereas those using SSHv2 need to pass both
of the authentications to log onto a switch.
Configuring server SSH attributes
Configuring server SSH authentication timeout time and retry number can effectively
assure security of SSH connections and avoid illegal actions.
Configure server SSH attributes
Configuring client public keys
This operation is not required for password authentication type.
You can configure RSA public keys for client users on the server in two ways:
1Manual mode
Operations on the client include:
SSH1.5/2.0-supported client software generates randomly RSA key pairs.
SSHKEY.EXE software converts the public part of the RSA key into PKCS code
format.
Operations on the server are described in Table184.
Table182 Configure authentication type
Operation Command Description
Enter system view system-view -
Configure authentication type
for SSH users
ssh user username
authentication-type { password |
password-publickey | rsa | all }
Required
Table183 Configure server SSH attributes
Operation Command Description
Enter system view system-view -
Set SSH authentication
timeout time
ssh server timeout seconds Optional
The timeout time defaults to 60
seconds.
Set SSH authentication retry
number
ssh server
authentication-retries times
Optional
The retry number defaults to 3.