ssh user

Use ssh user to create an SSH user and specify the service type and authentication method.

Use undo ssh user to delete an SSH user.

Syntax

In non-FIPS mode:

ssh user username service-type { all | netconf | scp | sftp | stelnet } authentication-type { password | { any | password-publickey | publickey } [ assign { pki-domain domain-name | publickey keyname&<1-6> } ] }

undo ssh user username

In FIPS mode:

ssh user username service-type { all | netconf | scp | sftp | stelnet } authentication-type { password | password-publickey [ assign { pki-domain domain-name | publickey keyname&<1-6> } ] }

undo ssh user username

Default

No SSH users exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

username: Specifies an SSH username, a case-sensitive string of 1 to 80 characters. The username cannot be a, al, or all. In addition, the username cannot include vertical bars (|), colons (:), asterisks (*), question marks (?), or angle brackets (< >). The at sign (@), slash (/), and backslash (\) can only be used to append ISP domain names to usernames in the pureusername@domain, pureusername/domain, and domain\pureusername formats. Do not include hyphens (-) in the username of an SCP user. Otherwise, SCP logins using that username will fail.

service-type: Specifies a service type for the SSH user.

authentication-type: Specifies an authentication method for the SSH user.

assign: Specifies parameters used for client verification.

Usage guidelines

Use this command to configure an SSH user depending on the authentication method.

For an SFTP or SCP user, the working directory depends on the authentication method.

For an SSH user, the user role also depends on the authentication method.

If you use this command to specify a host public key or a PKI domain for a user multiple times, the most recent configuration takes effect. If neither a host public key nor a PKI domain is specified for the user, the user uses certificate authentication for login. The server uses the PKI domain of its own certificate to verify the client's certificate.

The command configuration does not affect logged-in users. It affects only users that attempt to log in after the configuration.

Examples

# Create an SSH user named user1. Specify the service type as sftp and the authentication method as password-publickey for the user. Assign the host public key key1 to the user.

<Sysname> system-view
[Sysname] ssh user user1 service-type sftp authentication-type password-publickey assign publickey key1

# Create a local device management user named user1. Specify the password as 123456TESTplat&! in plain text and the service type as ssh for the user. Assign the working directory flash: and the network-admin user role to the user.

[Sysname] local-user user1 class manage
[Sysname-luser-manage-user1] password simple 123456TESTplat&!
[Sysname-luser-manage-user1] service-type ssh
[Sysname-luser-manage-user1] authorization-attribute work-directory flash: user-role network-admin
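
# The syntax and username rules above can be checked offline against saved configuration lines before they are applied to a device. The following Python linter is an added example, not part of the original command reference. The function name check_ssh_user, the finding texts, and the treatment of service-type all as including SCP are assumptions.

```python
import re

SERVICES = {"all", "netconf", "scp", "sftp", "stelnet"}
AUTH = {False: {"password", "any", "password-publickey", "publickey"},  # non-FIPS
        True: {"password", "password-publickey"}}                       # FIPS
LINE_RE = re.compile(
    r"^\s*(?:\[[^\]]+\]\s*)?ssh user (?P<user>\S+) service-type (?P<svc>\S+) "
    r"authentication-type (?P<auth>\S+)"
    r"(?: assign (?P<kind>pki-domain|publickey) (?P<names>.+?))?\s*$")

def check_ssh_user(line, fips=False):
    """Return a list of findings for one 'ssh user' line (empty list = clean)."""
    m = LINE_RE.match(line)
    if not m:
        return ["not a well-formed ssh user command"]
    user, svc, auth = m["user"], m["svc"], m["auth"]
    findings = []
    if len(user) > 80:
        findings.append("username longer than 80 characters")
    if user in {"a", "al", "all"}:  # compared exactly as the page lists them
        findings.append("username cannot be a, al, or all")
    if set("|:*?<>") & set(user):
        findings.append("username contains a forbidden character")
    # The @, / and \ domain-suffix rule is not checked here.
    if svc not in SERVICES:
        findings.append(f"unknown service-type {svc}")
    elif svc in {"scp", "all"} and "-" in user:  # assumption: 'all' includes SCP
        findings.append("hyphen in username: SCP logins will fail")
    if auth not in AUTH[fips]:
        mode = "FIPS" if fips else "non-FIPS"
        findings.append(f"authentication-type {auth} is not accepted in {mode} mode")
    if m["kind"]:
        names = m["names"].split()
        if auth == "password":
            findings.append("assign is not accepted with authentication-type password")
        if m["kind"] == "publickey" and len(names) > 6:
            findings.append("assign publickey takes 1 to 6 key names")
        if m["kind"] == "pki-domain" and len(names) != 1:
            findings.append("assign pki-domain takes one domain name")
    return findings

# Constructed sample lines (the first is the page's own example).
SAMPLES = [
    "[Sysname] ssh user user1 service-type sftp authentication-type password-publickey assign publickey key1",
    "ssh user backup-op service-type scp authentication-type publickey assign publickey key1",
    "ssh user all service-type stelnet authentication-type any",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_ssh_user(s, fips=True), "<-", s)
```

Run with fips=True against a configuration intended for a FIPS-mode device to find users whose authentication-type is publickey or any, which the FIPS-mode syntax does not accept.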

Related commands

authorization-attribute

display ssh user-information

local-user

pki domain