HP 6125G HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration - Page 47

• To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters. • If the local authentication scheme is used, use the authorization-attribute level level command in local user view to set the user privilege level on the device. • If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the RADIUS or HWTACACS server. The SSH client authentication method is password in this configuration procedure. For more information about SSH and publickey authentication, see Security Configuration Guide. To configure the SSH server on the device: Step 1. Enter system view. 2. Create local key pairs. 3. Enable SSH server. 4. Enter one or more VTY user interface views. 5. Enable scheme authentication. 6. Enable the user interfaces to support Telnet, SSH, or both of them. 7. Enable command authorization. Command Remarks system-view N/A public-key local create { dsa | rsa } By default, no local key pairs are created. ssh server enable By default, SSH server is disabled. user-interface vty first-number [ last-number ] N/A authentication-mode scheme By default, password authentication is enabled on VTY user interfaces. protocol inbound { all | ssh | telnet } Optional. By default, both Telnet and SSH are supported. command authorization Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme. 41