Logging in through ssh, Configuring the ssh server on the device – H3C Technologies H3C SecPath F1000-E User Manual

Logging in through SSH

SSH offers a secure approach to remote login. By providing encryption and strong authentication, it protects devices against attacks such as IP spoofing and plain text password interception. You can use an SSH client to log in to the device working as an SSH server for remote management, as shown in Figure 20. You can also use the device as an SSH client to log in to an SSH server.

Figure 20 SSH login diagram

Table 6 shows the SSH server and client configuration required for a successful SSH login.

Table 6 SSH server and client requirements

| Device role | Requirements |
|---|---|
| SSH server | Configure the IP address of the device’s management interface, and make sure the SSH server and client can reach each other. By default, the IP address of the management interface is 192.168.0.1/24. Configure the authentication mode and other settings. |
| SSH client | If the host operates as an SSH client, run the SSH client program on the host. Obtain the IP address of the management interface of the device you want to log in to. |

To control SSH access to the device working as an SSH server, configure authentication and user privilege level for SSH users. By default, password authentication is adopted for SSH login, but no login password is configured. To allow SSH access to the device after you enable the SSH server, you must configure a password.

Configuring the SSH server on the device

Follow these guidelines when you configure the SSH server:

To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters. For more information, see Access Control Configuration Guide.

If the local authentication scheme is used, use the authorization-attribute level level command in local user view to set the user privilege level on the device.

If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the RADIUS or HWTACACS server.

The SSH client authentication method is password in this configuration procedure. For more information about SSH and publickey authentication, see System Management and Maintenance Configuration Guide.
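As an added example (not from the H3C manual): a Python check over a saved configuration that flags local SSH users lacking a password or an explicit privilege level, the two items the text above requires for local authentication. The `local-user`, `password` and `service-type` line formats are assumed from Comware-style configuration output, and the sample users and values are constructed.

```python
import re

# Constructed sample in the style of a saved device configuration.
# User names and the password placeholder are made up for this example.
SAMPLE_CONFIG = """\
local-user admin
 password cipher CONSTRUCTED
 authorization-attribute level 3
 service-type ssh
local-user operator
 authorization-attribute level 1
 service-type ssh
local-user monitor
 password cipher CONSTRUCTED
 service-type ssh
local-user ftpuser
 service-type ftp
"""

def parse_local_users(config):
    """Return {name: [stripped lines inside that local-user view]}."""
    users, current = {}, None
    for line in config.splitlines():
        m = re.match(r"local-user (\S+)", line)
        if m:
            current = users.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # left the local-user view
    return users

def audit_ssh_users(config):
    """Return {user: {"level": str|None, "findings": [...]}} for SSH users."""
    report = {}
    for name, body in parse_local_users(config).items():
        services = [w for l in body if l.startswith("service-type ")
                    for w in l.split()[1:]]
        if "ssh" not in services:
            continue  # user is not allowed to log in through SSH
        findings = []
        if not any(l.startswith("password ") for l in body):
            findings.append("no password: password login cannot succeed")
        level = next((l.split()[-1] for l in body
                      if l.startswith("authorization-attribute level ")), None)
        if level is None:
            findings.append("no explicit privilege level set")
        report[name] = {"level": level, "findings": findings}
    return report
```

Calling `audit_ssh_users()` on the text of an exported configuration returns one entry per SSH-enabled local user, with an empty findings list when both settings are present.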
To configure the SSH server on the device: