Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual


If publickey authentication, whether with password authentication or not, is used, the command level accessible to the user is set by the user privilege level command on the user interface. If only password authentication is used, the command level accessible to the user is authorized by AAA.

A user without an SSH account can still pass password authentication and log in to the server through Stelnet or SFTP, as long as the user can pass AAA authentication and the service type is SSH.

An SSH server supports up to 1024 SSH users.

For successful login through SFTP, you must set the user service type to sftp or all.

SSH1 does not support the service type sftp. If the client uses SSH1 to log in to the server, you must
set the service type to stelnet or all.

For an SFTP SSH user, the working folder depends on the authentication method:

- If only password authentication is used, the working folder is authorized by AAA.
- If publickey authentication, whether with password authentication or not, is used, the working folder is set by using the ssh user command.

If you change the authentication method and public key of an SSH user that has been logged in,
your changes take effect only at the next login of the user.

Configuration procedure

To configure an SSH user and specify the service type as Stelnet:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create an SSH user, and specify the service type as Stelnet.
    Command, in non-FIPS mode:
        ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign publickey keyname }
    Command, in FIPS mode:
        ssh user username service-type stelnet authentication-type { password | password-publickey assign publickey keyname }
    Remarks: Use either command.

To configure an SSH user and specify the service type as all or SFTP:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create an SSH user, and specify the service type as all or SFTP.
    Command, in non-FIPS mode:
        ssh user username service-type { all | sftp } authentication-type { password | { any | password-publickey | publickey } assign publickey keyname work-directory directory-name }
    Command, in FIPS mode:
        ssh user username service-type { all | sftp } authentication-type { password | password-publickey assign publickey keyname work-directory directory-name }
    Remarks: Use either command.
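
An added example, not taken from the H3C manual: a Python check that parses an ssh user command against the syntax in the two tables above, flags choices the FIPS-mode syntax does not offer, and reports where the notes on this page say the command level or working folder comes from. The user, key and directory names are constructed, and treating any as dependent on the method used at login is an assumption.

```python
import re

# Grammar taken from the two command tables on this page.
PATTERN = re.compile(
    r"^ssh user (?P<user>\S+) service-type (?P<svc>stelnet|sftp|all) "
    r"authentication-type (?:(?P<pw>password)|"
    r"(?P<auth>any|password-publickey|publickey) assign publickey (?P<key>\S+)"
    r"(?: work-directory (?P<dir>\S+))?)$"
)
FIPS_AUTH = {"password", "password-publickey"}  # per the FIPS-mode syntax


def check_ssh_user(line, fips=False):
    """Parse one 'ssh user' command; return (settings, problems)."""
    m = PATTERN.match(" ".join(line.split()))
    if not m:
        return None, ["does not match the syntax in the tables"]
    auth = m["pw"] or m["auth"]
    svc, workdir, problems = m["svc"], m["dir"], []
    if fips and auth not in FIPS_AUTH:
        problems.append(f"authentication-type {auth} is not offered in FIPS mode")
    if svc == "stelnet" and workdir:
        problems.append("work-directory is not part of the Stelnet syntax")
    if svc != "stelnet" and auth != "password" and not workdir:
        problems.append("work-directory is required by the all/sftp syntax")
    # Where the effective rights come from, per the notes above the tables.
    if auth == "password":
        source = "AAA"
    elif auth == "any":
        source = "depends on the method used at login"  # assumption
    else:
        source = "user interface / ssh user command"
    settings = {"user": m["user"], "service": svc, "auth": auth,
                "key": m["key"], "workdir": workdir,
                "ssh1_login": svc != "sftp",  # SSH1 has no sftp service type
                "authorization_source": source}
    return settings, problems


# Constructed sample lines (user, key and directory names are made up).
SAMPLES = [
    "ssh user client001 service-type stelnet authentication-type password",
    "ssh user client002 service-type sftp authentication-type publickey "
    "assign publickey key1 work-directory flash:/",
    "ssh user client003 service-type all authentication-type any assign publickey key1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_ssh_user(s, fips=True))
```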
