ssh server authentication-type keyboard-interactive enable

Function

The ssh server authentication-type keyboard-interactive enable command enables keyboard interactive authentication on an SSH server.

The undo ssh server authentication-type keyboard-interactive enable command disables keyboard interactive authentication on the SSH server.

By default, keyboard interactive authentication is enabled on an SSH server.

Format

ssh server authentication-type keyboard-interactive enable

undo ssh server authentication-type keyboard-interactive enable

Parameters

None

Views

System view

Default Level

3: Management level

Task Name and Operations

Task Name Operations
ssh-server write

Usage Guidelines

  • Keyboard interaction authentication is also called password card authentication. If you need to log in to an SSH server in keyboard interactive authentication mode, run the ssh server authentication-type keyboard-interactive enable command. Its function implementation process is as follows: An SSH user enters the user name to log in to a device. After detecting that the user is a password card authentication user, the TACACS server sends the user name to the password card authentication server. The password card authentication server generates a challenge code based on the user name and sends the challenge code to the TACACS server. The TACACS server displays the challenge code on the device. The user enters the user password and the received challenge code in the password card. The password card computes a challenge response code. The user sends the challenge response code to the password card authentication server using the device and TACACS server. The password card authentication server checks whether the challenge response code is correct and returns the authentication result to the user.
  • After this function is enabled, the system prompts the user to enter the challenge response code.
  • If you need to log in to the SSH server in password authentication mode, run the undo ssh server authentication-type keyboard-interactive enable command to disable keyboard interactive authentication as required.

Example

# Enable keyboard interactive authentication on an SSH server.
<HUAWEI> system-view
[~HUAWEI] ssh server authentication-type keyboard-interactive enable
Parent Topic: SSH Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >