Login
- Table of Contents
-
- 05-Web configuration examples (AC+fit AP)
- 01-Telnet Access Control Configuration Example
- 02-IPv6 Telnet Access Control Configuration Example
- 03-Web Access Control Configuration Example
- 04-User Role Assignment for Local Web Authentication Users Configuration Example
- 05-SSH Local Authentication Configuration Example
- 06-SSH User Remote Password Authentication Configuration Example
- 07-IPv6 SSH User Remote Password Authentication Configuration Example
- 08-Password Control Configuration Example
- 09-Licensing Configuration Example
- 10-Automatic License Installation Configuration Example
- 11-Layer 2 Static Link Aggregation Configuration Example
- 12-Layer 2 Dynamic Link Aggregation Configuration Example
- 13-PPPoE Client Configuration Example
- 14-Static IPv6 Address Configuration Example
- 15-IPv6 Static Routing Configuration Example
- 16-Static IPv4 DNS Configuration Example
- 17-Static IPv6 DNS Configuration Example
- 18-IGMP Snooping Configuration Example
- 19-MLD Snooping Configuration Example
- 20-IPv4 DNS Proxy Configuration Example
- 21-IPv6 DNS Proxy Configuration Example
- 22-Static NAT Configuration Example
- 23-Dynamic NAT Configuration Example
- 24-IPv4 ACL-Based Packet Filter Configuration Example
- 25-IPv6 ACL-Based Packet Filter Configuration Example
- 26-ARP Attack Protection Configuration Example
- 27-ARP Proxy Configuration Example
- 28-Dynamic IPv4 DNS Configuration Example
- 29-Dynamic IPv6 DNS Configuration Example
- 30-WLAN Access Configuration Example
- 31-Different Wireless Services on Different Radios Configuration Example
- 32-CAPWAP Tunnel Establishment Through DHCP Configuration Example
- 33-CAPWAP Tunnel Establishment Through DHCPv6 Configuration Example
- 34-CAPWAP Tunnel Establishment Through DNS Configuration Example
- 35-CAPWAP Tunnel Establishment Through DNSv6 Configuration Example
- 36-Auto AP Configuration Example
- 37-AP Group Configuration Example
- 38-Radio Management Configuration Example
- 39-Load Balancing Group-Based Session-Mode Load Balancing Configuration Example
- 40-Radio-Based Session-Mode Load Balancing Configuration Example
- 41-A-MPDU and A-MSDU Configuration Example
- 42-Device Classification and Countermeasure Configuration Example
- 43-Malformed Packet Detection and Flood Attack Detection Configuration Example
- 44-Signature-Based Attack Detection Configuration Example
- 45-802.1X RADIUS-Based AAA Configuration Example
- 46-VLAN Interface-Based Direct Portal Authentication Configuration Example
- 47-Service Template-Based Direct Portal Authentication Configuration Example
- 48-Wireless Spectrum Analysis Configuration Example
- 49-Auto DFS Configuration Examples
- 50-Auto TPC Configuration Examples
- 51-Whitelist-Based Client Access Control Configuration Example
- 52-Blacklist-Based Client Access Control Configuration Example
- 53-CAC Configuration Example
- 54-WLAN Probe Configuration Example
- 55-Intra-AC Roaming Configuration Example
- 56-Bonjour Gateway Configuration Example
- 57-IPv4 Multicast Optimization Configuration Examples
- 58-IPv6 Multicast Optimization Configuration Examples
- 59-Ping Configuration Example
- 60-Local Packet Capture Configuration Example
- 61-Remote Packet Capture Configuration Example
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 06-SSH User Remote Password Authentication Configuration Example | 256.55 KB |
|
|
|
H3C Access Controllers |
|
Comware 7 SSH User Remote Password |
|
Authentication Configuration Example |
Copyright © 2022 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Overview
The following information provides an example for configuring RADIUS-based remote password authentication for an SSH user who wants to log in to the AC to manage it.
Prerequisites
The following information applies to Comware 7-based access controllers. Procedures and information in the examples might be slightly different depending on the software or hardware version of the H3C access controllers.
The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
The following information is provided based on the assumption that you have basic knowledge of AAA and SSH.
Example: Configuring remote password authentication for an SSH user
Network configuration
As shown in Figure 1, the AC acts as an Stelnet server. It uses a RADIUS server to perform authentication, authorization, and accounting for the SSH user. The authentication method is password.
An IMC server is used as the RADIUS server. Configure an SSH user account (hello@bbb) and the user password on the RADIUS server.
The shared key for secure RADIUS communication is expert. The AC includes the domain name in the username sent to the RADIUS server, so the server can provide services for users according to their domain names.
The SSH user uses an Stelnet client to log in to the AC by providing the username and password configured on the RADIUS server.
Procedures
Configuring the RADIUS server
In this example, the RADIUS server runs on IMC PLAT 7.0 (E0102) and IMC UAM 7.0 (E0201).
Adding the AC to the IMC Platform as an access device
1. Log in to IMC.
2. Click the User tab.
3. From the navigation tree, select User Access Policy > Access Device Management > Access Device.
4. Click Add.
5. Configure an access device as follows:
a. Set the ports for authentication and accounting to 1812 and 1813, respectively.
b. Select the service type Device Management Service.
c. Select the access device type H3C(General).
d. Set the shared key to expert for secure RADIUS communication.
e. Select the AC from the device list or manually add the AC. (The IP address of the AC is 192.168.100.131).
|
|
NOTE: The IP address of the AC added to the IMC platform must be the same as the source IP address of outgoing RADIUS packets configured on the AC. This example uses the default source IP address of RADIUS packets, which is the IP address of the output interface of the RADIUS packets. |
f. Use the default settings for other parameters.
6. Click OK.
Figure 2 Adding the AC as an access device
Adding a user account for device management
1. Click the User tab.
2. From the navigation tree, select Access User > Device User.
3. Click Add.
4. Configure a device management account as follows:
a. Enter the account name hello@bbb and the password.
b. Select the service type SSH.
c. Use the default settings for other parameters.
5. Click OK.
Figure 3 Adding a device management account
Configuring the AC
Enabling the Stelnet service
1. Click the System View tab at the bottom of the page.
2. From the navigation pane, select Network Configuration > Management Protocols.
3. Click the SSH tab.
4. Enable the Stelnet service.
Figure 4 Enabling the Stelnet service
Configuring the RADIUS server
1. Click the System View tab at the bottom of the page.
2. From the navigation pane, select Network Security > Authentication.
3. Click the RADIUS tab.
4. Click the Add button 
.
5. Configure a RADIUS scheme:
a. Enter RADIUS scheme name ssh.
b. Specify the primary authentication server as 192.168.100.240 and the share key as expert. Use the default settings of other parameters.
c. Specify the primary accounting server as 192.168.100.240 and the share key as expert. Use the default settings of other parameters.
Figure 5 Configuring the RADIUS server
6. Click Apply.
Configuring an ISP domain
1. Click the System View tab at the bottom of the page.
2. From the navigation pane, select Network Security > Authentication.
3. On the ISP Domains tab, click the Add button 
.
4. Configure an ISP domain:
a. Enter domain name bbb.
b. Select Login for Service type.
c. Select RADIUS and specify RADIUS scheme ssh for Authentication, Authorization, and Accounting.
Figure 6 Configuring an ISP domain
5. Click Apply.
Verifying the configuration
There are different types of Stelnet client software, such as PuTTY and OpenSSH. This example uses PuTTY0.58 to verify the configuration.
1. Execute PuTTY.
2. Enter 192.168.100.131 in the Host Name (or IP address) field.
3. Click Open.
4. Verify that you can use username hello@bbb and the password to log in to the configuration page of the AC.
Related documentation
H3C Access Controllers Web-Based Configuration Guide
