456
In either case, the local user or the SSH user configured on the remote authentication server
must have the same username as the SSH user.
For an SFTP or SCP user, the working directory depends on the authentication method.
•
If the authentication method is
publickey
or
password-publickey
, the working directory is
specified by the
authorization-attribute
command in the associated local user view.
•
If the authentication method is
password
, the working directory is authorized by AAA.
For an SSH user, the user role also depends on the authentication method.
•
If the authentication method is
publickey
or
password-publickey
, the user role is specified by
the
authorization-attribute
command in the associated local user view.
•
If the authentication method is
password
, the user role is authorized by AAA.
If you use this command to specify a host public key or a PKI domain for a user multiple times, the
most recent configuration takes effect. If neither a host public key nor a PKI domain is specified for
the user, the user uses certificate authentication for login. The server uses the PKI domain of its own
certificate to verify the client's certificate.
The command configuration does not affect logged-in users. It affects only users that attempt to log
in after the configuration.
Examples
# Create an SSH user named
user1
. Specify the service type as
sftp
and the authentication method
as
password-publickey
for the user. Assign the host public key
key1
to the user.
<Sysname> system-view
[Sysname] ssh user user1 service-type sftp authentication-type password-publickey assign
publickey key1
# Create a local device management user named
user1
. Specify the password as
123456TESTplat&!
in plain text and the service type as
ssh
for the user. Assign the working
directory
flash:
and the
network-admin
user role to the user.
[Sysname] local-user user1 class manage
[Sysname-luser-manage-user1] password simple 123456TESTplat&!
[Sysname-luser-manage-user1] service-type ssh
[Sysname-luser-manage-user1] authorization-attribute work-directory flash: user-role
network-admin
Related commands
authorization-attribute
display ssh user-information
local-user
pki domain
SSH client commands
bye
Use
bye
to terminate the connection with the SFTP server and return to user view.
Syntax
bye
Views
SFTP client view