HP 6125G HP Networking guide to hardening Comware-based devices - Page 8

Control VTY and TTY lines, idle-timeout


idle-timeout 1 0
user privilege level 3
#
To access the AUX port remotely, the user must first pass local password authentication by default. You can configure AAA to authenticate users accessing the AUX port as follows:
#
user-interface aux 0
authentication-mode scheme
idle-timeout 1 0
user privilege level 3
#
You can disable authentication so that users can access the device through the AUX port directly as follows:
#
user-interface aux 0
authentication-mode none
user privilege level 3
idle-timeout 1 0
#
Control VTY and TTY lines
Interactive management sessions in HP Comware software use a TTY or virtual TTY (VTY). A TTY is used by a terminal for local access to the device or by a modem for dialup access to the device. Note that TTYs can also be used for connections to the console ports of other devices; this function allows reverse Telnet to those devices, so the TTY lines for these reverse connections must be controlled as well.

A VTY line is used for all other remote network connections supported by the device. To ensure that a device can be accessed via a local or remote management session, proper controls must be enforced on both TTY and VTY lines. HP Comware devices have a limited number of VTY lines. When all VTY lines are in use, new management sessions cannot be established, creating a DoS condition for access to the device.

Authentication can be enforced through the use of AAA, which is the recommended method for authenticated access to a device. The following gives an example configuration:
#
user-interface tty 33
authentication-mode scheme
user privilege level 3
idle-timeout 1 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
idle-timeout 1 0
#
Note: Set a short time value with the idle-timeout command to ensure that users who no longer use the TTYs or VTYs are logged out in time. The default time value is 10 minutes.
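The following is an added example, not part of the HP guide: a small audit script that parses the user-interface views of a Comware running-config and reports lines that do not use AAA (authentication-mode scheme) or whose idle-timeout is disabled, left at the 10-minute default, or longer than a site threshold. The sample config, the 5-minute threshold and the treatment of idle-timeout 0 as "disabled" are assumptions made for this example.

```python
import re
from typing import Dict, List, Optional
# Constructed sample running-config (not captured from a real device).
SAMPLE_CONFIG = """\
user-interface aux 0
 authentication-mode none
 idle-timeout 1 0
#
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3
#
user-interface tty 33
 authentication-mode scheme
 idle-timeout 0 0
#
"""
DEFAULT_IDLE_SECONDS = 10 * 60  # Comware default stated in the guide
MAX_IDLE_SECONDS = 5 * 60       # assumed site policy; the guide's example uses 1 minute

def parse_user_interfaces(config: str) -> Dict[str, dict]:
    """Map each user-interface view (e.g. 'vty 0 4') to its auth mode and idle timeout."""
    views: Dict[str, dict] = {}
    current: Optional[dict] = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("user-interface "):
            current = {"auth_mode": None, "idle_seconds": DEFAULT_IDLE_SECONDS}
            views[line[len("user-interface "):]] = current
        elif line == "#":            # '#' closes the current view
            current = None
        elif current is not None:
            if m := re.fullmatch(r"authentication-mode (\S+)", line):
                current["auth_mode"] = m.group(1)
            elif m := re.fullmatch(r"idle-timeout (\d+)(?: (\d+))?", line):
                current["idle_seconds"] = int(m.group(1)) * 60 + int(m.group(2) or 0)
    return views

def audit(config: str) -> List[str]:
    """One finding per deviation from the guide: AAA (scheme) on every line, short idle timeout."""
    findings = []
    for name, v in parse_user_interfaces(config).items():
        if v["auth_mode"] != "scheme":   # None means the command is absent; device default applies
            findings.append(f"{name}: authentication-mode {v['auth_mode'] or 'unset'}, expected scheme")
        if v["idle_seconds"] == 0:       # idle-timeout 0 disables the timer on Comware
            findings.append(f"{name}: idle-timeout disabled")
        elif v["idle_seconds"] > MAX_IDLE_SECONDS:
            findings.append(f"{name}: idle-timeout {v['idle_seconds']}s exceeds {MAX_IDLE_SECONDS}s")
    return findings
```

Run `audit(SAMPLE_CONFIG)` against the sample to see the three findings; point it at a saved `display current-configuration` dump to check a real device.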