The ssh user command creates an SSH user.
The ssh user assign command assigns an existing public key to an SSH user.
The ssh user authentication-type command configures the authentication type of an SSH user.
The ssh user service-type command configures the service type for the SSH user.
The ssh user sftp-directory command configures the authorized directory of the SFTP service for SSH users.
The undo ssh user command deletes an SSH user.
The undo ssh user assign command deletes the binding between an SSH user and a public key.
The undo ssh user authentication-type command deletes the configured authentication mode.
The undo ssh user service-type command restores the default service type of an SSH user.
The undo ssh user sftp-directory command cancels the authorized SFTP service directory for an SSH user.
By default, no SSH user is created, no public key is assigned to a user, and the authentication type, the service type, and the authorized directory of the SFTP service are not configured for an SSH user.
ssh user user-name
ssh user user-name assign { rsa-key | dsa-key | ecc-key | sm2-key } key-name
ssh user user-name authentication-type { password | rsa | password-rsa | dsa | password-dsa | all | ecc | password-ecc | sm2 | password-sm2 | password-x509v3-rsa | x509v3-rsa }
ssh user user-name service-type { sftp | stelnet | snetconf } *
ssh user user-name sftp-directory directoryname
ssh user user-name assign pki pki-name
undo ssh user user-name authentication-type
undo ssh user user-name assign { rsa-key | dsa-key | ecc-key | sm2-key }
undo ssh user user-name assign pki
undo ssh user user-name service-type
undo ssh user user-name sftp-directory
undo ssh user [ user-name ]
Parameter | Description | Value |
---|---|---|
user-name | Indicates the name of an SSH user. | The name is a string of 1 to 253 characters. |
rsa-key | Assigns an RSA public key to a user. | - |
dsa-key | Assigns a DSA public key to a user. | - |
ecc-key | Assigns an ECC public key to a user. | - |
sm2-key | Assigns an SM2 public key to a user. | - |
key-name | Specifies the name of an ECC public key generated on the client. | The value is a string of 1 to 40 case-sensitive characters, spaces not supported. |
password | Indicates password authentication. | - |
rsa | Indicates RSA authentication. To ensure high security, do not use the RSA algorithm whose length is less than 2048 digits as the authentication type for the SSH user. You are advised to use a more secure ECC authentication algorithm for higher security. | - |
password-rsa | Indicates that both password authentication and RSA authentication must be adopted. | - |
dsa | Indicates DSA authentication. | - |
password-dsa | Indicates that both password authentication and DSA authentication must be adopted. | - |
all | Indicates all authentication modes. | - |
ecc | Indicates ECC authentication. | - |
password-ecc | Indicates that both password authentication and ECC authentication must be adopted. | - |
sm2 | Indicates SM2 authentication. | - |
password-sm2 | Indicates that both password authentication and SM2 authentication must be adopted. | - |
password-x509v3-rsa | Indicates that both password authentication and X509V3-SSH-RSA authentication must be adopted. | - |
x509v3-rsa | Indicates X509V3-SSH-RSA authentication. | - |
sftp | Indicates the SFTP service type. | - |
stelnet | Indicates the STelnet and SCP service type. | - |
snetconf | Indicates the SNETCONF service type. | - |
sftp-directory directoryname | Specifies the directory name of the SFTP server. | The name is a string of 1 to 255 characters. |
pki pki-name | Indicates PKI domain. | The value is a string of 1 to 64 case-sensitive characters, spaces not supported. |
You can create a user using either of the following methods:
The privileges of the user depend on the configuration of the ssh authorization-type default command.
When the system assigns a public key to a user:
When ECC/DSA/RSA authentication is used to authenticate an SSH user, the client sends the ECC/DSA/RSA public key that is generated locally to the server, and the server then assigns the ECC public key to the SSH user.
The public key to be assigned must be valid.
To ensure high security, do not use the RSA algorithm whose length is less than 2048 digits as the authentication type for the SSH user. You are advised to use a more secure ECC authentication algorithm for higher security.
A new SSH user cannot log in until an authentication type is configured for it. A newly configured authentication type takes effect on the next login.
If an authentication type has already been configured, running the ssh user authentication-type command deletes the existing configuration, and the authentication type configured by the new command is used.
The ssh user service-type command configures the service type for the SSH user.
The ssh user <user-name> sftp-directory <sftp-dir-path> command configures the SFTP directory for the SSH user.
When an SFTP user logs in to a device, the directory configured using ssh user username sftp-directory directoryname is preferentially selected, followed by the directory configured using local-user <user-name> ftp-directory <directory>.
The commands take effect for both IPv4 and IPv6.
You can run the display ssh user-information command to view the configuration of all SSH users.
<HUAWEI> system-view
[~HUAWEI] ssh user testuser

<HUAWEI> system-view
[~HUAWEI] ssh user testuser assign ecc-key key1

<HUAWEI> system-view
[~HUAWEI] ssh user testuser assign sm2-key sm2key001

<HUAWEI> system-view
[~HUAWEI] ssh user testuser service-type all

<HUAWEI> system-view
[~HUAWEI] ssh user testuser sftp-directory cfcard:/ssh
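
An added example, not part of the original reference or of any Huawei tooling: a Python check that reads the ssh user lines of a saved configuration and reports users with no authentication type, users whose key-based authentication type has no matching assign binding, and users on RSA-based authentication whose key length needs confirming. The sample configuration is constructed, the mapping from authentication type to key keyword is inferred from the syntax above, and user names are assumed to contain no spaces.

```python
import re
from collections import defaultdict

# Key binding each authentication type is expected to need. Inferred from the
# keyword names in the syntax above (an assumption, not a documented table).
REQUIRED_BINDING = {
    "rsa": "rsa-key", "password-rsa": "rsa-key",
    "dsa": "dsa-key", "password-dsa": "dsa-key",
    "ecc": "ecc-key", "password-ecc": "ecc-key",
    "sm2": "sm2-key", "password-sm2": "sm2-key",
    "x509v3-rsa": "pki", "password-x509v3-rsa": "pki",
}
# Matches "ssh user <name>" with an optional "<keyword> <arguments>" tail.
LINE = re.compile(r"^\s*ssh user (\S+)(?: (\S+) (.+))?$")

# Constructed sample configuration (user and key names are made up).
SAMPLE_CONFIG = """\
ssh user alice
ssh user alice authentication-type ecc
ssh user alice assign ecc-key key1
ssh user bob
ssh user bob authentication-type password-rsa
ssh user bob sftp-directory cfcard:/ssh
ssh user carol
ssh user carol service-type sftp
"""

def parse_ssh_users(config):
    """Collect the authentication type and key bindings of each SSH user."""
    users = defaultdict(lambda: {"auth": None, "bindings": set()})
    for line in config.splitlines():
        match = LINE.match(line.rstrip())
        if not match:
            continue  # other commands, including "undo ssh user ..."
        name, keyword, rest = match.groups()
        user = users[name]
        if keyword == "authentication-type":
            user["auth"] = rest.strip()
        elif keyword == "assign":
            user["bindings"].add(rest.split()[0])  # rsa-key, ecc-key, pki, ...
    return users

def audit_ssh_users(config):
    """Return (user, finding) pairs, sorted by user name."""
    findings = []
    for name, user in sorted(parse_ssh_users(config).items()):
        auth = user["auth"]
        if auth is None:
            # Page: a new SSH user cannot log in without an authentication type.
            findings.append((name, "NO_AUTH_TYPE"))
            continue
        needed = REQUIRED_BINDING.get(auth)
        if needed and needed not in user["bindings"]:
            findings.append((name, "KEY_NOT_ASSIGNED:" + needed))
        if needed == "rsa-key":
            # Page: avoid RSA shorter than 2048; ECC is the recommended choice.
            findings.append((name, "RSA_VERIFY_KEY_LENGTH"))
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_users(SAMPLE_CONFIG):
        print(*finding)
```
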