Using the lb product to log in to an ssh server – H3C Technologies H3C SecBlade LB Cards User Manual

Page 37

Advertising
background image

27

Step Command

Remarks

8.

Enable command accounting. command accounting

Optional.
By default, command accounting is

disabled. The accounting server
does not record the commands

executed by users.

9.

Exit to system view.

quit

N/A

10.

Apply an AAA authentication

scheme to the intended
domain.

a.

Enter the ISP domain view:
domain domain-name

b.

Apply the specified AAA
scheme to the domain:

authentication default

{ hwtacacs-scheme

hwtacacs-scheme-name
[ local ] | local | none |

radius-scheme

radius-scheme-name
[ local ] }

c.

Exit to system view:
quit

Optional.
For local authentication, configure
local user accounts.
For RADIUS or HWTACACS
authentication, configure the

RADIUS or HWTACACS scheme

on the LB product and configure
authentication settings (including

the username and password) on

the server.
For more information about AAA
configuration, see Security

Configuration Guide.

11.

Create a local user and enter

local user view.

local-user user-name

By default, there is a local user
named admin.

12.

Set a password for the local

user.

password [ [ hash ] { cipher |
simple } password ]

By default, no password is set.

13.

Specify the command level of
the user.

authorization-attribute level level

Optional.
By default, the command level is 0.

14.

Specify SSH service for the
user.

service-type ssh

By default, no service type is
specified.

15.

Exit to system view.

quit

N/A

16.

Create an SSH user, and
specify the authentication

mode for the SSH user.

ssh user username service-type
stelnet authentication-type

{ password | { any |
password-publickey | publickey }

assign publickey keyname }

N/A

17.

Configure common settings

for VTY user interfaces.

See "

Configuring common VTY

user interface settings (optional)

."

Optional.

Using the LB product to log in to an SSH server

You can use the LB product as an SSH client to log in to an SSH server. If the server is located in a different

subnet than the LB product, make sure the two devices have routes to reach each other.

Advertising
This manual is related to the following products:

H3C SecPath L1000-A Load Balancer

Popular Brands
Popular manuals