Setting the ssh management parameters – H3C Technologies H3C WX6000 Series Access Controllers User Manual


For users using publickey authentication:

- You must configure on the device the corresponding username and public keys.
- After login, the commands available to a user are determined by the user privilege level, which is configured with the user privilege level command on the user interface. By default, the command privilege level is 0.

For users using password authentication:

- You can configure the accounting information either on the device or on the remote authentication server (such as RADIUS authentication server).
- After login, the commands available to a user are determined by AAA authorization.

Setting the SSH Management Parameters

SSH management includes:

- Enabling the SSH server to be compatible with SSH1
- Setting the server key pair update interval (applies to users with SSH1 clients)
- Setting the SSH user authentication timeout period
- Setting the maximum number of SSH authentication attempts

Setting these parameters helps prevent malicious guessing and cracking of keys and usernames, securing your SSH connections.

Follow these steps to set the SSH management parameters:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable the SSH server to work with SSH1.x clients | ssh server compatible-ssh1x enable | Optional. By default, the SSH server can work with SSH1.x clients. |
| Set the RSA server key pair update interval | ssh server rekey-interval hours | Optional. 0 by default, that is, the RSA server key pair is not updated. |
| Set the SSH user authentication timeout period | ssh server authentication-timeout time-out-value | Optional. 60 seconds by default |
| Set the maximum number of SSH authentication attempts | ssh server authentication-retries times | Optional. 3 by default |

Authentication will fail if the number of authentication attempts (including both publickey and password
authentication) exceeds that specified in the ssh server authentication-retries command.
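
To check a saved configuration against the four parameters and defaults in the table above, the following added example (not part of the H3C manual) overlays the configured lines on the documented defaults and reports settings worth reviewing. It assumes the configuration text shows the commands in the forms listed in the table, that SSH1 compatibility is disabled with an `undo ssh server compatible-ssh1x` line, and that the timeout and retry limits are local policy values; the function names and finding labels are hypothetical.

```python
import re

# Defaults as stated in the table above.
DEFAULTS = {"ssh1_compat": True, "rekey_hours": 0, "auth_timeout": 60, "auth_retries": 3}

# Numeric commands from the table, mapped to the setting they control.
NUMERIC = {
    "rekey-interval": "rekey_hours",
    "authentication-timeout": "auth_timeout",
    "authentication-retries": "auth_retries",
}
NUMERIC_RE = re.compile(r"^ssh server (%s) (\d+)$" % "|".join(NUMERIC))

def effective_settings(config_text):
    """Overlay the SSH management lines found in a saved configuration on the defaults."""
    settings = dict(DEFAULTS)
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if line == "ssh server compatible-ssh1x enable":
            settings["ssh1_compat"] = True
        elif line == "undo ssh server compatible-ssh1x":  # assumed 'undo' form
            settings["ssh1_compat"] = False
        else:
            m = NUMERIC_RE.match(line)
            if m:
                settings[NUMERIC[m.group(1)]] = int(m.group(2))
    return settings

def audit(config_text, max_timeout=60, max_retries=3):
    """Return findings; the limits are local policy assumptions, not vendor values."""
    s = effective_settings(config_text)
    findings = []
    if s["ssh1_compat"]:
        findings.append("ssh1-compat-enabled")
        if s["rekey_hours"] == 0:  # server key pair for SSH1 clients is never updated
            findings.append("ssh1-server-key-never-updated")
    if s["auth_timeout"] > max_timeout:
        findings.append("auth-timeout-above-policy")
    if s["auth_retries"] > max_retries:
        findings.append("auth-retries-above-policy")
    return findings

# Constructed sample, not output captured from a real device.
SAMPLE = "#\n ssh server compatible-ssh1x enable\n ssh server authentication-timeout 90\n ssh server authentication-retries 5\n#\n"

if __name__ == "__main__":
    print(effective_settings(SAMPLE))
    print(audit(SAMPLE))
```

An empty configuration still yields two findings, because the documented defaults leave SSH1.x compatibility on and the RSA server key pair update interval at 0.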
