No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ssh user authentication-type

ssh user authentication-type

Function

The ssh user authentication-type command configures the authentication mode for an SSH user.

The undo ssh user authentication-type command restores the default authentication mode for an SSH user.

By default, the password authentication mode is configured for an SSH user.

Format

ssh user user-name authentication-type { password | rsa | password-rsa | ecc | password-ecc | all }

undo ssh user user-name authentication-type

Parameters

Parameter Description Value
user-name Specifies the SSH user name.

The value is a string of 1 to 64 case-insensitive characters without spaces.

password Specifies the password authentication mode. -
rsa Specifies the RSA authentication mode. -
password-rsa Specifies the password and RSA authentication mode. -
ecc Specifies the ECC authentication mode. -
password-ecc Specifies the password and ECC authentication modes. -
all

Specifies the password, ECC, or RSA authentication mode.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

A new SSH user cannot log in unless being configured with an authentication mode. The newly configured authentication mode takes effect on the next login.

When an authentication mode is configured for an SSH user but user-name of the user does not exist, an SSH user with the name of user-name is created. The authentication mode of the new SSH user is the configured one.
To improve security, it is recommended that you use ECC as the authentication algorithm to log in to the SSH server.

Table 2-25 shows the application scenario of each authentication mode.

Table 2-25  Application scenario of each authentication mode

Authentication Mode

Application Scenario

RSA authentication

It is a public key encryption architecture and an asymmetric encryption algorithm. Based on the problem of factoring large numbers, RSA is mainly used to transmit the keys of the symmetric encryption algorithm, which can improve encryption efficiency and simplify key management. The server must first check the validity of the SSH user and whether the public key and the numeric signature are valid. If all of them are consistent with those configured on the server, user authentication succeeds. If any of the three cannot pass authentication, the user access is denied.

ECC authentication

Like RSA authentication, the server first checks the validity of the SSH user and whether the public key and the numeric signature are valid. If all of them are consistent with those configured on the server, user authentication succeeds. If any of the three cannot pass authentication, the user access is denied. Compared with the RSA algorithm, the ECC authentication has the following advantages:
  • Provides the same security with shorter key length.
  • Features a shorter computing process and higher processing speed.
  • Requires less storage space.
  • Requires lower bandwidth.

Password authentication

On the server, the AAA module assigns each valid user a password for login. That is, the server has the mappings between user names and passwords. When a user wants to log in to the server, the server authenticates the user name and its password respectively. If either of them cannot pass authentication, the user access is denied.

password-rsa or password-ecc authentication

The server can authenticate the client by checking both the public key and the password, and the authentication succeeds only when both the public key and the password are consistent with those configured on the server.

All authentication

The server can authenticate the client by checking both the public key and the password, and the authentication succeeds when either of them is consistent with that configured on the server.

NOTE:
In all authentication mode, the user priority depends on the authentication mode selected.
  • If password authentication is selected, the user priority is the same as that specified on the AAA module.
  • If RSA/ECC authentication is selected, the user priority depends on the priority of the VTY window used during user access.

If all authentication is selected and an AAA user with the same name as the SSH user exists, user priorities may be different in password authentication and RSA/ECC authentication modes. Set relevant parameters as needed.

Precautions

A new SSH user cannot log in to the SSH server unless being configured with an authentication mode. The newly configured authentication mode takes effect upon next login.

Only one login user can be configured on the AP. Therefore, user-name specifies only the current login user.

Example

# Configure the password authentication mode for an SSH user John.

<Huawei> system-view
[Huawei] ssh user john authentication-type password
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 201268

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next