3com WX3000 Manuel D’Utilisation

Page de 715
 
1-8 
 
For password authentication type, the username argument must be consistent with the valid user 
name defined in AAA; for publickey authentication, the username argument is the SSH local user 
name, so that there is no need to configure a local user in AAA. 
If the default authentication type for SSH users is password and local AAA authentication is 
adopted, you need not use the ssh user command to create an SSH user. Instead, you can use 
the local-user command to create a user name and its password and then set the service type of 
the user to SSH. 
If the default authentication type for SSH users is password and remote authentication (RADIUS 
authentication, for example) is adopted, you need not use the ssh user command to create an 
SSH user, because it is created on the remote server. And the user can use its username and 
password configured on the remote server to access the network. 
Both publickey and rsa indicate public key authentication. They are implemented with the same 
method.  
Under the publickey authentication mode, the level of commands available to a logged-in SSH 
user can be configured using the user privilege level command on the server, and all the users 
with this authentication mode will enjoy this level. 
Under the password authentication mode, the level of commands available to a logged-in SSH 
user is determined by AAA, and different users with this authentication mode may enjoy different 
levels. 
 
Specifying a Service Type for an SSH User 
Follow these steps to specify the service type of an SSH user: 
To do… 
Use the command… 
Remarks 
Enter system view 
system-view 
— 
Specify a service type for an 
SSH user 
ssh user username service-type 
stelnet | sftp | all } 
Required 
stelnet by default 
 
 
If the ssh user service-type command is executed with a username that does not exist, the system will 
automatically create the SSH user. However, the user cannot log in unless you specify an 
authentication type for it. 
 
Configuring SSH Management 
The SSH server provides a number of management functions that prevent illegal operations such as 
malicious password guess, to further guarantee the security of SSH connections. 
Follow these steps to configure SSH management: