Operation Manual – SSH Terminal Service
H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1
SSH Terminal Service
1-8
Caution:
• If the RSA authentication type is configured for a user, the RSA public key of the
  client user must be configured on the switch.
• By default, no authentication type is specified for a new user, and the new user
  cannot access the switch.
• For the password-publickey authentication type: SSH1 client users can access
  the switch as long as they pass either of the two kinds of authentication. SSH2
  client users can access the switch only when they pass both kinds of authentication.
• For the password authentication type, the username must be consistent with the
  valid user name defined in AAA; for the RSA authentication type, the username is
  the SSH local user name, so there is no need to configure a local user in AAA.
• If the default authentication type for SSH users is password and local AAA
  authentication is adopted, you need not use the ssh user command to create an
  SSH user. Instead, you can use the local-user command to create a user name
  and its password and then set the service type of the user to SSH.
• If the default authentication type for SSH users is password and remote
  authentication (RADIUS authentication, for example) is adopted, you need not use
  the ssh user command to create an SSH user, because the user is created on the
  remote server. The user can then use the username and password configured on the
  remote server to access the network.
• If you use the ssh user username authentication-type command to specify an
  authentication type for a nonexistent SSH user, the system creates the SSH user
  automatically.
• If the RSA authentication type is specified, you can use the user privilege level
  command to set the level of the commands available to the SSH users logging into
  the server. In this case, all users adopting RSA authentication have the same
  command level.
• If the password authentication type is specified, the command levels accessible to
  SSH users logging into the server are determined through AAA. In this case, the
  command level may vary from user to user.
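The access rules in the Caution list above can be checked against a saved configuration. The following Python sketch is an added example, not code from the manual or from H3C: it models the per-type login decision and flags users whose settings deserve review. It assumes configuration lines of the form "ssh user NAME authentication-type TYPE" with the keywords password, rsa and password-publickey; the set of users with a configured RSA key and the SSH1 setting are supplied by the reviewer, and the sample configuration is constructed.

```python
import re

# Line format follows the page's "ssh user username authentication-type" command;
# the keyword spellings password / rsa / password-publickey are assumed here.
SSH_USER_RE = re.compile(r"^\s*ssh user (\S+) authentication-type (\S+)\s*$")

def parse_ssh_users(config_text):
    """Map each SSH user to its configured authentication type."""
    users = {}
    for line in config_text.splitlines():
        m = SSH_USER_RE.match(line)
        if m:
            users[m.group(1)] = m.group(2).lower()
    return users

def access_granted(auth_type, ssh_version, password_ok, publickey_ok):
    """Decide one login attempt according to the rules in the Caution list."""
    if auth_type is None:             # no type specified: access is refused
        return False
    if auth_type == "password":
        return password_ok
    if auth_type == "rsa":
        return publickey_ok
    if auth_type == "password-publickey":
        if ssh_version == 1:          # SSH1: either authentication is enough
            return password_ok or publickey_ok
        return password_ok and publickey_ok   # SSH2: both are required
    raise ValueError(f"unknown authentication type: {auth_type}")

def audit(users, users_with_rsa_key, ssh1_allowed):
    """Return (username, finding) pairs a reviewer should look at."""
    findings = []
    for name, auth_type in sorted(users.items()):
        # Treating password-publickey as needing a key is this example's assumption.
        if auth_type in ("rsa", "password-publickey") and name not in users_with_rsa_key:
            findings.append((name, "RSA public key not configured on the switch"))
        if auth_type == "password-publickey" and ssh1_allowed:
            findings.append((name, "SSH1 clients need only one of password or key"))
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
ssh user alice authentication-type password
ssh user bob authentication-type rsa
ssh user carol authentication-type password-publickey
"""

if __name__ == "__main__":
    users = parse_ssh_users(SAMPLE_CONFIG)
    for name, finding in audit(users, users_with_rsa_key={"carol"}, ssh1_allowed=True):
        print(f"{name}: {finding}")
```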
V. Configuring SSH management
The configuration of SSH management includes setting the authentication timeout,
the number of authentication retries, the server key update interval, and the SSH
compatible mode. Once configured, the SSH management function can prevent illegal
activities such as malicious password guessing, thus ensuring the security of SSH
connections.