< Home

ssh authorization-type default aaa

Function

The ssh authorization-type default aaa command configures the AAA authorization function for the SSH public key authentication user.

The undo ssh authorization-type default aaa command cancels the AAA authorization function configured for the SSH public key authentication user.

By default, the AAA authorization function is not configured for the SSH public key authentication user.

Format

ssh authorization-type default aaa

undo ssh authorization-type default aaa

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The SSH public key authentication user is an SSH user that uses the elliptic curve cryptography (ECC), Rivest-Shamir-Adleman (RSA), or digital signature algorithm (DSA) authentication mode.

If the AAA authorization function is not configured for the SSH public key authentication user, the SSH public key authentication user uses the level of the involved VTY channel. After the AAA authorization function is configured for the SSH public key authentication user, if the authorization succeeds, the SSH public key authentication user uses the level returned by the AAA. If the authorization fails, the user still uses the level of the involved VTY channel.

Precautions
AAA authorization configuration succeeds for the SSH public key authentication user if the following conditions are met:
  • A local authorization scheme is configured for the default domain of the AAA management user.
  • A local user exists, and the SSH access type is configured.

Example

# Configure the AAA authorization function for the SSH public key authentication user.

<HUAWEI> system-view
[HUAWEI] ssh authorization-type default aaa
Parent Topic: User Login Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >