Configuring an SSH user

If the authentication method is publickey, you must perform the procedure in this section.

If the authentication method is password or password-publickey, you must perform one of the following tasks:

If the authentication method is password, you do not need to create an SSH user. However, if you want to display all SSH users, including the password-only SSH users, for centralized management, you can use this command to create them. If such an SSH user has been created, make sure you have specified the correct service type and authentication method.

Configuration guidelines

When configure an SSH user, follow these guidelines:

Configuration procedure

To configure an SSH user and specify the service type and authentication method:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Create an SSH user, and specify the service type and authentication method.

  • (In non-FIPS mode.) Create an SSH user, and specify the service type and authentication method for Stelnet users:ssh user username service-type stelnet authentication-type { keyboard-interactive | password | { any | password-publickey | publickey } assign { pki-domain domain-name | publickey keyname } }

  • (In FIPS mode.) Create an SSH user, and specify the service type and authentication method for Stelnet users:ssh user username service-type stelnet authentication-type { keyboard-interactive | password | password-publickey assign { pki-domain domain-name | publickey keyname } }

  • (In non-FIPS mode.) Create an SSH user, and specify the service type and authentication method for all users, SCP or SFTP users:ssh user username service-type { all | scp | sftp } authentication-type { keyboard-interactive | password | { any | password-publickey | publickey } assign { pki-domain domain-name | publickey keyname } work-directory directory-name }

  • (In FIPS mode.) Create an SSH user, and specify the service type and authentication method for all users, SCP or SFTP users:ssh user username service-type { all | scp | sftp } authentication-type { keyboard-interactive | password | password-publickey assign { pki-domain domain-name | publickey keyname } work-directory directory-name }

Use either command.