Scribd
Upload
0 views

01-System Management-SSH User Remote Password Authentication Configuration Example

This document provides a configuration example for setting up RADIUS-based remote password authentication for SSH users on H3C Access Controllers using Comware 7. It includes prerequisites, detailed procedures for configuring the RADIUS server and the access controller, and verification steps to ensure successful login. The document serves as a guide for network administrators to manage SSH access securely.

Uploaded by

primeopticala
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
0 views

01-System Management-SSH User Remote Password Authentication Configuration Example

This document provides a configuration example for setting up RADIUS-based remote password authentication for SSH users on H3C Access Controllers using Comware 7. It includes prerequisites, detailed procedures for configuring the RADIUS server and the access controller, and verification steps to ensure successful login. The document serves as a guide for network administrators to manage SSH access securely.

Uploaded by

primeopticala
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

H3C Access Controllers

Comware 7 SSH User Remote Password


Authentication Configuration Example

Copyright © 2024 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New
H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are
the property of their respective owners.
The information in this document is subject to change without notice.
Contents
Overview ······································································································· 1
Prerequisites·································································································· 1
Example: Configuring remote password authentication for an SSH user ······· 1
Network configuration ········································································································································ 1
Procedures ························································································································································· 2
Configuring the RADIUS server ················································································································· 2
Configuring the AC ····································································································································· 3
Verifying the configuration·································································································································· 5
Related documentation ·················································································· 5

i
Overview
The following information provides an example for configuring RADIUS-based remote password
authentication for an SSH user who wants to log in to the AC to manage it.

Prerequisites
The following information applies to Comware 7-based access controllers. Procedures and
information in the examples might be slightly different depending on the software or hardware
version of the H3C access controllers.
The configuration examples were created and verified in a lab environment, and all the devices were
started with the factory default configuration. When you are working on a live network, make sure
you understand the potential impact of every command on your network.
The following information is provided based on the assumption that you have basic knowledge of
AAA and SSH.

Example: Configuring remote password


authentication for an SSH user
Network configuration
As shown in Figure 1, the AC acts as an Stelnet server. It uses a RADIUS server to perform
authentication, authorization, and accounting for the SSH user. The authentication method is
password.
An IMC server is used as the RADIUS server. Configure an SSH user account (hello@bbb) and the
user password on the RADIUS server.
The shared key for secure RADIUS communication is expert. The AC includes the domain name in
the username sent to the RADIUS server, so the server can provide services for users according to
their domain names.
The SSH user uses an Stelnet client to log in to the AC by providing the username and password
configured on the RADIUS server.
Figure 1 Network diagram

RADIUS server
192.168.100.240/24

Vlan-int100
192.168.100.131/24
Internet
SSH user
AC
192.168.100.25/24

1
Procedures
Configuring the RADIUS server
In this example, the RADIUS server runs on IMC PLAT 7.0 (E0102) and IMC UAM 7.0 (E0201).
Adding the AC to the IMC Platform as an access device
1. Log in to IMC.
2. Click the User tab.
3. From the navigation tree, select User Access Policy > Access Device Management >
Access Device.
4. Click Add.
5. Configure an access device as follows:
a. Set the ports for authentication and accounting to 1812 and 1813, respectively.
b. Select the service type Device Management Service.
c. Select the access device type H3C(General).
d. Set the shared key to expert for secure RADIUS communication.
e. Select the AC from the device list or manually add the AC. (The IP address of the AC is
192.168.100.131).

NOTE:
The IP address of the AC added to the IMC platform must be the same as the source IP
address of outgoing RADIUS packets configured on the AC. This example uses the default
source IP address of RADIUS packets, which is the IP address of the output interface of the
RADIUS packets.

f. Use the default settings for other parameters.


6. Click OK.
Figure 2 Adding the AC as an access device

Adding a user account for device management


1. Click the User tab.
2. From the navigation tree, select Access User > Device User.
3. Click Add.
4. Configure a device management account as follows:
a. Enter the account name hello@bbb and the password.
b. Select the service type SSH.
c. Use the default settings for other parameters.
5. Click OK.

2
Figure 3 Adding a device management account

Configuring the AC
Enabling the Stelnet service
1. Click the System View tab at the bottom of the page.
2. From the navigation pane, select Network Configuration > Management Protocols.
3. Click the SSH tab.
4. Enable the Stelnet service.
Figure 4 Enabling the Stelnet service

Configuring the RADIUS server


1. Click the System View tab at the bottom of the page.
2. From the navigation pane, select Network Security > Authentication.
3. Click the RADIUS tab.
4. Click the Add button .
5. Configure a RADIUS scheme:
a. Enter RADIUS scheme name ssh.
b. Specify the primary authentication server as 192.168.100.240 and the share key as expert.
Use the default settings of other parameters.
c. Specify the primary accounting server as 192.168.100.240 and the share key as expert.
Use the default settings of other parameters.

3
Figure 5 Configuring the RADIUS server

6. Click Apply.
Configuring an ISP domain
1. Click the System View tab at the bottom of the page.
2. From the navigation pane, select Network Security > Authentication.
3. On the ISP Domains tab, click the Add button .
4. Configure an ISP domain:
a. Enter domain name bbb.
b. Select Login for Service type.
c. Select RADIUS and specify RADIUS scheme ssh for Authentication, Authorization, and
Accounting.
Figure 6 Configuring an ISP domain

4
5. Click Apply.

Verifying the configuration


There are different types of Stelnet client software, such as PuTTY and OpenSSH. This example
uses PuTTY0.58 to verify the configuration.
1. Execute PuTTY.
2. Enter 192.168.100.131 in the Host Name (or IP address) field.
3. Click Open.
4. Verify that you can use username hello@bbb and the password to log in to the configuration
page of the AC.

Related documentation
H3C Access Controllers Web-Based Configuration Guide

You might also like