Often it is observed that the SSH connection authenticates both SSH1 and SSH2 connectivity.Which is a security concern for the security administrator.Hence there is a simple command that will disable SSH1 authentication and allow only SSH2 connection on a H3C based devices.
Note: SSH server needs to be enabled to carry out this.
H3C device :
#Step 1 : enable the local SCHEME for radius & domain authentication.
# radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#Step-2 : Add the user-group and the local users.
#
user-group system
#
local-user admin
password cipher $*)@$*&(%*&
authorization-attribute level 3
access-limit 4
service-type ssh
# Step 3 : Enable the SSH server and impose restriction on the ssh connectivity
#
ssh server enable
undo ssh server compatible-ssh1x
#
user-interface aux 0 8
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
# END
Note: SSH server needs to be enabled to carry out this.
H3C device :
#Step 1 : enable the local SCHEME for radius & domain authentication.
# radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#Step-2 : Add the user-group and the local users.
#
user-group system
#
local-user admin
password cipher $*)@$*&(%*&
authorization-attribute level 3
access-limit 4
service-type ssh
# Step 3 : Enable the SSH server and impose restriction on the ssh connectivity
#
ssh server enable
undo ssh server compatible-ssh1x
#
user-interface aux 0 8
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
# END
grt
ReplyDelete