H3C Technologies H3C WX3000 Series Unified Switches User Manual

46-7

The DSA public key format can be SSH2 and OpenSSH, while the RSA public key format can be SSH1,
SSH2 and OpenSSH.

Creating an SSH User and Specify an Authentication Type

This task is to create an SSH user and specify an authentication type for it. Specifying an authentication
type for a new user is a must to get the user login.

Follow these steps to configure an SSH user and specify an authentication type for it:

To do…

Use the command…

Remarks

Enter system view

system-view

—

ssh authentication-type default
{ all | password |
password-publickey

| publickey

| rsa }

Specify the default authentication
type for all SSH users

ssh user username

Create an SSH user, and specify
an authentication type for it

ssh user username
authentication-type

{ all |

password

| password-publickey

| publickey | rsa }

Use either command.
By default, no SSH user is created
and no authentication type is
specified.
Note that: If both commands are
used and different authentication
types are specified, the
authentication type specified with
the ssh user authentication-type
command takes precedence.

z

For password authentication type, the username argument must be consistent with the valid user
name defined in AAA; for publickey authentication, the username argument is the SSH local user
name, so that there is no need to configure a local user in AAA.

z

If the default authentication type for SSH users is password and local AAA authentication is
adopted, you need not use the ssh user command to create an SSH user. Instead, you can use
the local-user command to create a user name and its password and then set the service type of
the user to SSH.

z

If the default authentication type for SSH users is password and remote authentication (RADIUS
authentication, for example) is adopted, you need not use the ssh user command to create an
SSH user, because it is created on the remote server. And the user can use its username and
password configured on the remote server to access the network.

z

Both publickey and rsa indicate public key authentication. They are implemented with the same
method.

z

Under the publickey authentication mode, the level of commands available to a logged-in SSH
user can be configured using the user privilege level command on the server, and all the users
with this authentication mode will enjoy this level.