ssh user
Syntax
In non-FIPS mode:
ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign publickey keyname&<1-6> }
ssh user username service-type { all | scp | sftp } authentication-type { password | { any | password-publickey | publickey } assign publickey keyname&<1-6> work-directory directory-name }
undo ssh user username
In FIPS mode:
ssh user username service-type stelnet authentication-type { password | password-publickey assign publickey keyname&<1-6> }
ssh user username service-type { all | scp | sftp } authentication-type { password | password-publickey assign publickey keyname&<1-6> work-directory directory-name }
undo ssh user username
View
System view
Default level
3: Manage level
Parameters
username: Specifies an SSH username, a case-sensitive string of 1 to 80 characters.
service-type: Specifies the service type of an SSH user, which can be one of the following:
all: Specifies Stelnet, SFTP, and SCP.
scp: Specifies the service type as secure copy.
sftp: Specifies the service type as secure FTP.
stelnet: Specifies the service type as secure Telnet.
authentication-type: Specifies the authentication method of an SSH user, which can be one of the following:
password: Specifies password authentication. This authentication method is easy to set up and fast, but it is vulnerable. It can work with AAA to implement user authentication, authorization, and accounting.
any: Specifies either password authentication or publickey authentication.
password-publickey: Specifies both password authentication and publickey authentication (featuring higher security) if the client runs SSH2, and performs either type of authentication if the client runs SSH1.
publickey: Specifies publickey authentication. This authentication method is more complicated to configure and slower than password authentication, but it provides strong authentication that can defend against brute-force attacks. Once it is configured, it is easy to use: the authentication process completes automatically, without the user having to remember or enter a password.
assign publickey keyname&<1-6>: Assigns up to six public keys to an SSH user. The keyname argument specifies the name of the client's public key and is a string of 1 to 64 characters. When multiple public keys are used, the SSH server authenticates the user by using the first matching public key.
work-directory directory-name: Specifies the working directory for an SFTP or SCP user. The directory-name argument indicates the name of the working directory and is a string of 1 to 135 characters.
Description
Use ssh user to create an SSH user and specify the service type and authentication method.
Use undo ssh user to delete an SSH user.
For a publickey authentication user, you must configure the username and the public key on the switch. For a password authentication user, you can configure the account information on either the switch or the remote authentication server, such as a RADIUS server.
If you use the ssh user command to configure a public key for a user who already has a public key, the new one overwrites the old one.
You can change the authentication method and public key of an SSH user while the user is communicating with the SSH server. However, the changes take effect for the client only at its next login.
If an SCP or SFTP user has been assigned a public key, it is necessary to set a working folder for the user.
The working folder of an SCP or SFTP user depends on the user authentication method. For a user using only password authentication, the working folder is the AAA authorized one. For a user using only publickey authentication or using both publickey authentication and password authentication, the working folder is the one set by using the ssh user command.
Related commands: display ssh user-information.
Examples
# Create an SSH user named user1, set the service type as sftp, the authentication method as publickey, assign a public key named key1 to the user, and specify the working directory of the SFTP server as flash:/.
<Sysname> system-view
[Sysname] ssh user user1 service-type sftp authentication-type publickey assign publickey key1 work-directory flash:/
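
The following is an added example, not part of the original command reference: a small Python check that reads ssh user lines and reports the conditions described above (password-only or any authentication, methods not available in FIPS mode, more than six keys, and an SCP or SFTP publickey user without a working directory). It assumes the lines are written in the command form shown on this page; the sample lines and the names audit_line and SAMPLE are constructed for illustration.

```python
import re

# Constructed sample lines for illustration; not taken from a real device.
SAMPLE = [
    "ssh user user1 service-type sftp authentication-type publickey "
    "assign publickey key1 work-directory flash:/",
    "ssh user ops service-type stelnet authentication-type password",
    "ssh user backup service-type scp authentication-type any assign publickey k1 k2",
    "ssh user admin service-type all authentication-type password-publickey "
    "assign publickey k1 k2 k3 k4 k5 k6 k7 work-directory flash:/",
]

# Keys and directory are optional here so a missing one is reported, not skipped.
LINE = re.compile(
    r"^ssh user (?P<user>\S+) service-type (?P<svc>all|scp|sftp|stelnet) "
    r"authentication-type (?P<auth>password-publickey|password|publickey|any)"
    r"(?: assign publickey (?P<keys>.+?))?(?: work-directory (?P<dir>\S+))?$")

def audit_line(line, fips=False):
    """Return findings for one 'ssh user' line; an empty list means none."""
    m = LINE.match(line.strip())
    if not m:
        return ["does not match the ssh user syntax"]
    svc, auth, wdir = m["svc"], m["auth"], m["dir"]
    keys = (m["keys"] or "").split()
    out = []
    if fips and auth in ("any", "publickey"):
        out.append(f"authentication-type {auth} is not available in FIPS mode")
    if auth == "password":
        out.append("password-only authentication")
        if keys or wdir:
            out.append("password authentication takes no key or work-directory")
        return out
    if auth == "any":
        out.append("any lets a client fall back to password authentication")
    if not 1 <= len(keys) <= 6:
        out.append(f"{len(keys)} public keys assigned, expected 1 to 6")
    if any(len(k) > 64 for k in keys):
        out.append("key name longer than 64 characters")
    if svc == "stelnet" and wdir:
        out.append("work-directory does not apply to stelnet")
    if svc != "stelnet" and not wdir:
        out.append("SCP/SFTP user with a public key has no work-directory")
    return out

if __name__ == "__main__":
    for line in SAMPLE:
        print(line.split()[2], audit_line(line) or "ok")
```

Pass fips=True when the device runs in FIPS mode, where only password and password-publickey are accepted.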