To have a better experience, please upgrade your IE browser.upgrade
Questo sito utilizza cookie di profilazione (propri e di terze parti) per ottimizzare la tua esperienza online e per inviarti pubblicità in linea con le tue preferenze. Continuando a utilizzare questo sito senza modificare le tue preferenze acconsenti all’uso dei cookie. Se vuoi saperne di più o negare il consenso a tutti o ad alcuni cookie clicca qui>
The website that you are visiting also provides Arabian language. Do you wish to switch language version?
يوفر موقع الويب الذي تزوره المحتوى باللغة العربية أيضًا. هل ترغب في تبديل إصدار اللغة؟
The website that you are visiting also provides Russia language Do you wish to switch language version?
Данный сайт есть в английской версии. Желаете ли Вы перейти на английскую версию?
Smart Modular Data Centers
Prefabricated Modular Data Centers
Precision Air Conditioners
Data Center Management
Handsets and Terminals
Rapid Deployment System
Enterprise Communications Terminals
Platform or Infrastructure
Enterprise Communications Gateways
Core Network Devices
Radio Access Network Devices
Firewall and Application Security Gateway
DDoS Protection Systems
Anti-APT Based on Big Data Analysis
ME Series Multi-Service Control Gateways
Multi-Service Packet Transport Platforms
AR Series IoT Gateways
AR Series Access Routers
Hybrid Flash Storage
Integrated Video Site Solution
Enterprise Telecom Energy
Smart Site Management System
Multi-Service Transmission Platforms
HD Network Cameras
Video Cloud Nodes
Video Content Management
Indoor Access Points
Outdoor Access Points
Scenario-specific product series
IT Infrastructure Storage Solutions
Data Center Network
Data Center Energy
Enterprise Communications Solution
Contact Center Solution
Advisory and Implementation
Support and Optimization
Training and Certification
Explore Technology Services
National Research and Education Network
Education Cloud Data Center
Multi-Channel HD Telemedicine Solution
Over The Top/Multi-Tenant Data Center (OTT/MTDC)
Internet Exchange Point (IXP)
Internet Access Provider (IAP)
Design & Simulation
Planning & Analytics
Oil & Gas IoT
HPC & Operations Management
Digital Urban Rail
Retail Cloud Platform
Enterprise Data Center
Enterprise Cloud Communications
Network Management System
Buy from Huawei
If you need to get information about your project, please submit your information and we will contact you within one working day.
Consult online customer service regarding products/solutions you are interested in.
If your company has signed an eDeal contract with Huawei, please buy your required product/solution via the link below.
Buy from resellers
Search for a nearby reseller and get direct contact information.
Find a Partner
Become a Partner
Alliance and solution Partner
Huawei Authorized Learning Partner
Huawei Authorized Information and Network Academy
You can log in to a device by using STelnet on networks with high security requirements. STelnet, based on the SSH protocol, provides powerful authentication functions to ensure information security and protect devices against attacks, such as IP spoofing attacks.
A SSH users can be authenticated in six modes: password, RSA, DSA, Password-RSA, Password-DSA, and All. The mos used are the below:
The SSH password authentication can be implemented correctly to provide different privilege levels to users after authentication according to the AAA configuration. In this way we can set different user levels for the SSH users to control the device access permission.
The problem appears in the case where we use RSA authentication for the STelnet services. When we are using RSA key authentication, the user will be correctly authenticated but the user will receive a default privilege level of 0 even though the same user has different level configured in the AAA view.In this situation the user will not be able to reach the system view and will have access to a limited number of commands.
Config and info:
local-user admin password irreversible-cipher xxxx
local-user admin privilege level 15
local-user admin service-type telnet terminal ssh ftp
local-user admin user-type netmanager
stelnet server enable
scp server enable
ssh user admin
ssh user admin authentication-type all
ssh user admin assign rsa-key admin
ssh user admin service-type all
ssh user admin sftp-directory flash:/
Result after loging in with ssh and rsa authentication:
The problem appears because all the SSH users that connect with the RSA authentication on the VTY interfaces will inherit the privilege level configured under the VTY interface, despite the level configured in the AAA view . By default this level is 0
To address this problem the only solution offered by the system in the current releases is to configure the user level under the VTY interfaces. In this way, the users that connect by stelnet with rsa authentication will receive the privilege level configured under the vty interface while the other users that are authenticated by the AAA will still get the proper privilege level.
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]user privilege level 15
After the above change, the ssh user that logs in with rsa authentication will receive privilege level 15.