Configuring the device as an SSH server

This section provides the configuration procedure for when the SSH client authentication method is password. For more information about SSH and publickey authentication configuration, see Security Configuration Guide.

To configure SSH login on the device:

Step, command, and remarks for each step:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create local key pairs.
   Command: public-key local create { dsa | rsa | ecdsa } [ name key-name ]
   Remarks: By default, no local key pairs are created.

3. Enable the SSH server.
   Command: ssh server enable
   Remarks: By default, the SSH server is disabled.

4. (Optional.) Create an SSH user and specify the authentication mode.
   Command:
   • In non-FIPS mode: ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } [ assign { pki-domain domain-name | publickey keyname } ] }
   • In FIPS mode: ssh user username service-type stelnet authentication-type { password | password-publickey [ assign { pki-domain domain-name | publickey keyname } ] }
   Remarks: By default, no SSH user is configured on the device.

5. Enter VTY line view or VTY line class view.
   Command:
   • Enter VTY line view: line vty first-number [ last-number ]
   • Enter VTY line class view: line class vty
   Remarks:
   A setting in user line view is applied only to that user line. A setting in user line class view is applied to all user lines of the class.
   A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
   A setting in user line view takes effect immediately and affects the online user. A setting in user line class view does not affect online users and takes effect only for new login users.

6. Enable scheme authentication.
   Command: authentication-mode scheme
   Remarks:
   In non-FIPS mode, password authentication is enabled for VTY lines by default.
   In FIPS mode, scheme authentication is enabled for VTY lines by default.
   In VTY line view, this command is associated with the protocol inbound command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses its default setting, regardless of the setting in VTY line class view.

7. (Optional.) Specify the protocols for the user lines to support.
   Command:
   • In non-FIPS mode: protocol inbound { all | ssh | telnet }
   • In FIPS mode: protocol inbound ssh
   Remarks:
   In non-FIPS mode, Telnet and SSH are supported by default.
   In FIPS mode, SSH is supported by default.
   A protocol change does not take effect for current online users. It takes effect only for new login users.
   In VTY line view, this command is associated with the authentication-mode command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses its default setting, regardless of the setting in VTY line class view.

8. (Optional.) Set the maximum number of concurrent SSH users.
   Command: aaa session-limit ssh max-sessions
   Remarks:
   By default, the maximum number of concurrent SSH users is 32.
   Changing this setting does not affect online users. If the current number of online SSH users is equal to or greater than the new setting, no additional SSH users can log in until online users log out.
   For more information about this command, see Security Command Reference.

9. Exit to system view.
   Command: quit
   Remarks: N/A

10. (Optional.) Configure common settings for VTY lines.
    Command: See "Configuring common VTY line settings."
    Remarks: N/A
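The precedence rules in steps 5 to 7 are the part of this procedure that most often produces a surprising result: a VTY line that sets only authentication-mode in line view silently falls back to the default protocol inbound (Telnet and SSH in non-FIPS mode) even when the line class restricts it to SSH. The following script is an added example, not code from the original guide or from the device vendor; it parses a constructed fragment of a saved configuration (modelled on the command syntax above, not captured from a real device) and resolves the effective authentication-mode and protocol inbound for each VTY line range according to those rules, so an auditor can see which lines still accept Telnet. The configuration text layout (a leading space for commands inside a view, "#" between views) and the FIPS/non-FIPS defaults are taken from the procedure; the function and variable names are the example's own.

```python
"""Resolve the effective authentication-mode / protocol inbound settings of
Comware VTY lines from a saved configuration, applying the precedence rules
stated in the procedure above (line view vs. line class view, and the pairing
of authentication-mode with protocol inbound in line view)."""
import re

# Defaults as stated in steps 6 and 7, keyed by FIPS mode.
DEFAULTS = {
    False: {"authentication-mode": "password", "protocol inbound": "all"},  # non-FIPS
    True:  {"authentication-mode": "scheme",   "protocol inbound": "ssh"},  # FIPS
}
# The two commands that are associated with each other in VTY line view.
PAIRED = ("authentication-mode", "protocol inbound")

# Constructed sample configuration fragment (not a capture from a real device).
SAMPLE_CONFIG = """\
#
 ssh server enable
#
ssh user admin service-type stelnet authentication-type password
ssh user ops service-type stelnet authentication-type publickey assign publickey ops-key
#
line class vty
 authentication-mode scheme
 protocol inbound ssh
#
line vty 0 4
 authentication-mode scheme
#
line vty 5 15
#
"""


def parse_config(text):
    """Return (global_lines, class_cfg, line_cfgs).

    global_lines: system-view commands (stripped strings).
    class_cfg:    {command: value} from the 'line class vty' view.
    line_cfgs:    {(first, last): {command: value}} for each 'line vty' view.
    A command inside a view is the indented line that follows the view opener;
    the value is the last token, the command keyword(s) are the rest.
    """
    global_lines, class_cfg, line_cfgs = [], {}, {}
    current = None
    for raw in text.splitlines():
        stripped = raw.strip()
        if stripped in ("", "#"):
            current = None  # '#' separates views in a Comware configuration
            continue
        if raw.startswith(" ") and current is not None:
            tokens = stripped.split()
            current[" ".join(tokens[:-1])] = tokens[-1]
            continue
        m = re.match(r"line vty (\d+)(?: (\d+))?$", stripped)
        if m:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else first
            current = line_cfgs.setdefault((first, last), {})
        elif stripped == "line class vty":
            current = class_cfg
        else:
            global_lines.append(stripped)
            current = None
    return global_lines, class_cfg, line_cfgs


def effective_settings(line_cfg, class_cfg, fips=False):
    """Apply the precedence rules from steps 5 to 7 to one VTY line range."""
    defaults = DEFAULTS[fips]
    # Commands given a non-default value in line view.
    line_nondefault = {k for k in PAIRED if line_cfg.get(k, defaults[k]) != defaults[k]}
    effective = {}
    for k in PAIRED:
        if k in line_nondefault:
            effective[k] = line_cfg[k]          # line view wins outright
        elif line_nondefault:
            # The paired command was set in line view, so this one uses its
            # default regardless of the class view (steps 6 and 7 remarks).
            effective[k] = defaults[k]
        else:
            # Nothing non-default in line view: class view non-default, else default.
            effective[k] = class_cfg.get(k, defaults[k])
    return effective


def audit(text, fips=False):
    """Summarise SSH server state, SSH users and per-line effective settings."""
    global_lines, class_cfg, line_cfgs = parse_config(text)
    findings = {"ssh_server_enabled": "ssh server enable" in global_lines,
                "ssh_users": {}, "vty": {}, "telnet_reachable": []}
    for g in global_lines:
        m = re.match(r"ssh user (\S+) service-type (\S+) authentication-type (\S+)", g)
        if m:
            findings["ssh_users"][m.group(1)] = m.group(3)
    for rng, cfg in sorted(line_cfgs.items()):
        eff = effective_settings(cfg, class_cfg, fips)
        findings["vty"][rng] = eff
        if eff["protocol inbound"] in ("all", "telnet"):
            findings["telnet_reachable"].append(rng)  # Telnet still accepted here
    return findings


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

On the sample, lines 0 to 4 set authentication-mode scheme in line view and nothing else, so protocol inbound reverts to the non-FIPS default of all and the range is reported as Telnet-reachable despite the class view's protocol inbound ssh; lines 5 to 15 set nothing in line view and inherit both class-view settings. Run the same audit with fips=True to see the FIPS defaults applied instead.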