Configuring the device as an SSH server
This section provides the SSH server configuration procedure used when the SSH client authentication method is password. For more information about SSH and publickey authentication configuration, see Security Configuration Guide.
To configure the device as an SSH server:
Step | Command | Remarks
---|---|---
1. Enter system view. | system-view | N/A
2. Create local key pairs. | | By default, no local key pairs are created.
3. Enable the Stelnet server. | ssh server enable | By default, the Stelnet server is disabled.
4. (Optional.) Create an SSH user and specify the authentication mode. | | By default, no SSH user is configured on the device.
5. Enter VTY line view or class view. | | A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view. A setting in user line class view does not take effect for current online users. It takes effect only for new login users.
6. Enable scheme authentication. | authentication-mode scheme | In non-FIPS mode, password authentication is enabled for VTY lines by default. In FIPS mode, scheme authentication is enabled for VTY lines by default. In VTY line view, this command is associated with the protocol inbound command. If you specify a non-default value for one of the two commands, the other command uses the default setting, regardless of the setting in VTY line class view.
7. (Optional.) Specify the protocols for the user lines to support. | | In non-FIPS mode, both Telnet and SSH are supported by default. In FIPS mode, SSH is supported by default. A protocol change does not take effect for current online users. It takes effect only for new login users. In VTY line view, this command is associated with the authentication-mode command. If you specify a non-default value for one of the two commands, the other command uses the default setting, regardless of the setting in VTY line class view.
8. Exit to system view. | quit | N/A
9. (Optional.) Configure common settings for VTY lines. | N/A |
10. (Optional.) Set the maximum number of concurrent SSH users. | aaa session-limit ssh max-sessions | The default is 32. Changing this setting does not affect users who are currently online. If the new limit is less than the number of online SSH users, no additional SSH users can log in until the number drops below the new limit. For more information about this command, see Security Command Reference.
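
The precedence and association rules in the remarks for steps 5 to 7 can leave Telnet accepted on a line even when line class view restricts it. The following audit script is an added example, not part of the original guide, that resolves the effective settings per VTY line from a saved configuration. It assumes non-FIPS defaults, the `line vty` and `line class vty` view headers, `#` section separators and the `ssh` keyword of `protocol inbound`, none of which this page spells out; the sample configuration is constructed.

```python
import re

# Non-FIPS defaults for the two associated commands, as stated in the remarks.
DEFAULTS = {"authentication-mode": "password", "protocol inbound": "all"}

def parse(config):
    """Return (ssh_enabled, class_view_settings, {line_view_header: settings})."""
    ssh_enabled, cls, lines, cur = False, {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if text == "ssh server enable":
            ssh_enabled = True
        elif text in ("", "#"):                      # section separator (assumed layout)
            cur = None
        elif not raw.startswith(" "):                # unindented line = view header
            vty = re.fullmatch(r"line vty \d+( \d+)?", text)
            cur = cls if text == "line class vty" else (lines.setdefault(text, {}) if vty else None)
        elif cur is not None:                        # command inside a VTY view
            for key in DEFAULTS:
                if text.startswith(key + " "):
                    cur[key] = text[len(key) + 1:]
    return ssh_enabled, cls, lines

def effective(line_cfg, cls_cfg):
    """Resolve both commands for one VTY line using the rules in the remarks."""
    non_default = {k: v for k, v in line_cfg.items() if v != DEFAULTS[k]}
    if non_default:
        # Line view sets one command of the pair: the other uses its default,
        # regardless of what line class view says.
        return {k: non_default.get(k, DEFAULTS[k]) for k in DEFAULTS}
    return {k: cls_cfg.get(k, DEFAULTS[k]) for k in DEFAULTS}

def audit(config):
    """List the ways a saved configuration departs from the procedure."""
    ssh_enabled, cls, lines = parse(config)
    findings = [] if ssh_enabled else ["ssh server enable is missing"]
    for header, cfg in (lines or {"line class vty": {}}).items():
        eff = effective(cfg, cls)
        if eff["authentication-mode"] != "scheme":
            findings.append(f"{header}: authentication-mode is {eff['authentication-mode']}")
        if eff["protocol inbound"] != "ssh":
            findings.append(f"{header}: Telnet still accepted (protocol inbound {eff['protocol inbound']})")
    return findings

# Constructed sample: class view is restricted, but "line vty 0 4" sets only one command.
SAMPLE = "\n".join(["#", " ssh server enable", "#",
                    "line class vty", " authentication-mode scheme", " protocol inbound ssh", "#",
                    "line vty 0 4", " authentication-mode scheme", "#",
                    "line vty 5 63", " user-role network-operator", "#"])
```

Running `audit(SAMPLE)` flags only `line vty 0 4`: setting `authentication-mode scheme` in line view resets `protocol inbound` to its default there, so the class view restriction no longer applies to those lines.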