No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Difference in SSH Between V3R1 and V3R2

Publication Date:  2012-07-27 Views:  35 Downloads:  0
Issue Description
After the NE40E is upgraded from V3R1 to V3R2, the device cannot be accessed through SSH with a trap record saying that the SSH server denies the access.
Version before the upgrade: NE40E&80E V300R001C01B052.
Version after the upgrade: NE40E&80E V300R002C06B323. 
 
Alarm Information
Null 
Handling Process
Do as follows to modify the related configuration of the SSH.
The first configuration solution: two configurations are needed to realize SSH.
stelnet server enable
―A newly added command to V3R2. This command is needed for SSH to log in.
ssh authentication-type default password
― Enable this command and then SSH users employ automatically the users created in the aaa without the need to configure ssh user in the system view.
The second configuration solution: Add each SSH user and specify the service type of the user to support stelnet. By doing so, SSH can be realized. For example:
stelnet server enable
ssh user username
ssh user username authentication-type password
ssh user username service-type stelnet
― This command must be configured to select the service type. 
 
Root Cause
The realization of the original V3R1:
There is only one solution: to specify the authentication type as password when adding each SSH user. The configuration of the current network:
aaa
local-user X.X.X.X.X password cipher .;\V:$N$01=B,.\#C3YB91!!
local-user X.X.X.X.X service-type ssh
local-user X.X.X.X.X level 3
ssh user X.X.X.X.X authentication-type password
user-interface vty 0 4
authentication-mode aaa
user privilege level 3
protocol inbound all
The realization of the current V3R2:
The first configuration solution: two configurations are needed to realize SSH.
stelnet server enable
― A newly added command to V3R2. This command is needed for SSH to log in.
ssh authentication-type default password
― Enable this command and then SSH users employ automatically the users created in the aaa without the need to configure ssh user in the system view.
The second configuration solution: Add each SSH user and specify the service type of the user to support stelnet. Thus, SSH can be realized. For example:
stelnet server enable
ssh user username
ssh user username authentication-type password
ssh user username service-type stelnet
― This command must be configured to select the service type.
Because the sftp and stelnet functions are added to the V3R2, the service-type command is added to the configuration for users to choose different service types and to ensure a better security.
Users can choose a solution based on their needs. The application of the two solutions at the same time has the same effect. 
 
Suggestions
Null 

END