H3C Technologies H3C S5120 Series Switches User Manual

Page 486


| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Create an SSH user, and specify the service type and authentication mode (for Stelnet users) | ssh user username service-type stelnet authentication-type { password \| { any \| password-publickey \| publickey } assign publickey keyname } | Required |
| Create an SSH user, and specify the service type and authentication mode (for all users or SFTP users) | ssh user username service-type { all \| sftp } authentication-type { password \| { any \| password-publickey \| publickey } assign publickey keyname work-directory directory-name } | Required |

- A user without an SSH account can still pass password authentication and log into the server through Stelnet or SFTP, as long as the user can pass AAA authentication and the service type is SSH.
- An SSH server supports up to 1024 SSH users.
- The service type of an SSH user can be Stelnet (Secure Telnet) or SFTP (Secure FTP). For information about Stelnet, refer to SSH2.0 Overview. For information about SFTP, refer to SFTP Overview.
- For successful login through SFTP, you must set the user service type to sftp or all.
- As SSH1 does not support service type sftp, if the client uses SSH1 to log into the server, you must set the service type to stelnet or all on the server. Otherwise, the client will fail to log in.
- The working folder of an SFTP user depends on the user authentication method. For a user using only password authentication, the working folder is the AAA authorized one. For a user using only publickey authentication or using both the publickey and password authentication methods, the working folder is the one set by using the ssh user command.
- You can change the authentication method and public key of an SSH user while the user is communicating with the SSH server. However, your changes take effect only after the user logs out and logs in again.

For a user using publickey authentication:

- You must configure the corresponding user and public keys on the SSH server.
- After login, the commands available to a user are determined by the user privilege level, which is configured with the user privilege level command on the user interface.

For users using password authentication:

- You can configure the accounting information either on the device or on the remote authentication server (such as a RADIUS authentication server).
- After login, the commands available to a user are determined by AAA authorization.
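The command table and notes above can be turned into a configuration review. The following Python sketch is an added example, not part of the H3C manual: it parses `ssh user` lines from a configuration dump and reports, per user, what the notes imply. The regex, field names, sample users and the `flash:/ops` path are constructed for illustration.

```python
import re

# Syntax follows the command table on this page; the regex and field names are this example's own.
SSH_USER = re.compile(
    r"^ssh user (?P<user>\S+) service-type (?P<svc>stelnet|sftp|all) "
    r"authentication-type (?P<auth>password-publickey|password|publickey|any)"
    r"(?: assign publickey (?P<key>\S+))?(?: work-directory (?P<workdir>\S+))?$"
)

def audit_line(line):
    """Parse one 'ssh user' line; return None if it is not such a line."""
    m = SSH_USER.match(line.strip())
    if not m:
        return None
    r = m.groupdict()
    svc, auth = r["svc"], r["auth"]
    r["sftp_login"] = svc in ("sftp", "all")     # SFTP needs service type sftp or all
    r["ssh1_login"] = svc in ("stelnet", "all")  # SSH1 has no sftp service type
    # Working-folder and command sources per the notes; None where the page is silent.
    r["workdir_source"] = {"password": "AAA", "publickey": "ssh user",
                           "password-publickey": "ssh user"}.get(auth)
    r["commands_source"] = {"password": "AAA authorization",
                            "publickey": "user privilege level"}.get(auth)
    problems = []
    if auth == "password" and (r["key"] or r["workdir"]):
        problems.append("password mode takes no key or work-directory")
    if auth != "password" and not r["key"]:
        problems.append("missing 'assign publickey keyname'")
    if svc == "stelnet" and r["workdir"]:
        problems.append("work-directory is not part of the Stelnet form")
    if svc != "stelnet" and auth != "password" and not r["workdir"]:
        problems.append("missing 'work-directory directory-name'")
    r["problems"] = problems
    return r

def audit(config_text):
    """Audit every 'ssh user' line in a configuration dump."""
    return [r for r in map(audit_line, config_text.splitlines()) if r]

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
sysname lab-switch
ssh user alice service-type stelnet authentication-type publickey assign publickey alicekey
ssh user backup service-type sftp authentication-type password
ssh user ops service-type all authentication-type password-publickey assign publickey opskey work-directory flash:/ops
ssh user bob service-type sftp authentication-type publickey
"""

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry["user"], entry["svc"], entry["auth"], entry["workdir_source"], entry["problems"])
```

Per the first note, a user with no `ssh user` line can still log in with a password if AAA authentication succeeds, so this output is not the complete set of accounts able to reach the server.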
