Operation Manual – SSH Terminal Service
H3C S3100-52P Ethernet Switch Chapter 1
SSH Terminal Service
1-7
Caution:
z If RSA authentication type is configured for a user, the RSA public key of the client
user must be configured on the switch.
z By default, no authentication type is specified for a new user, and the new user
cannot access the switch.
z For the password-publickey authentication type, users can access the switch only
when they pass both kinds of authentications.
z For the password authentication type, username should be consistent with the
valid user name defined in AAA; for the RSA authentication type, username is the
SSH local user name, so that there is no need to configure a local user in AAA.
z If the default authentication type for SSH users is password and local AAA
authentication is adopted, you need not use the ssh user command to create an
SSH user. Instead, you can use the local-user command to create a user name and
its password and then set the service type of the user to SSH.
z If the default authentication type for SSH users is password and remote
authentication (RADIUS authentication, for example) is adopted, you need not use
the ssh user command to create an SSH user, because it is created on the remote
server. And the user can use its username and password configured on the remote
server to access the network.
IV. Configuring SSH management
The configuration of SSH management includes the setting of authentication timeout
time, and authentication retry times. After the configuration, the SSH management
function is able to prevent illegal activities such as malicious password guessing, thus
ensure the security of SSH connections.
Table 1-5 Configure SSH management
Operation Command Description
Enter system view
system-view
—
Set SSH
authentication
timeout time
ssh server timeout
seconds
Optional
By default, the timeout
time is 60 seconds.
Set SSH
authentication retry
times
ssh server
authentication-retries
times
Optional
By default, the number of
retry times is 3.