Configuring SSH on the USG2000&5000


Configure SSH on the USG2000&5000 as follows:
Configuration roadmap: USG_A serves as the client, and USG_B as the SSH server.

1. Create an SSH user on USG_B.

2. Generate a local key pair on USG_B.

3. Enable the STelnet/SFTP service on USG_B.

4. Log in to USG_B through USG_A on the client.

Other related questions:
Setting the SSH password on the USG2000&5000
Login through SSH improves the security of data transmission. Therefore, you are advised to log in through SSH. In addition, you are advised to use AAA for authentication.

1. Set the administrator IP addresses that can access the device remotely. The administrator cannot use IP addresses that are not specified in the ACL to remotely access the device through SSH.

2. Configure the connection number limit on the VTY administrator interface.

3. Set the administrator account and password for login through SSH.
system-view
[sysname] ssh user admin1
[sysname] ssh user admin1 authentication-type password
[sysname] aaa
[sysname-aaa] local-user admin1 password cipher *********
[sysname-aaa] local-user admin1 service-type ssh
[sysname-aaa] local-user admin1 level 3
[sysname-aaa] local-user admin1 access-limit 1

4. Enable the STelnet service on the device.

5. Set the client service mode of the SSH account to STelnet.

Enabling or disabling the Telnet or SSH function on the USG2000&5000
Enable or disable the Telnet or SSH function on the USG2000&5000 as follows:

1. Run the following commands in the CLI to enable or disable the Telnet or SSH function:
sy
[USG5100]aaa
[USG5100-aaa]local-user admin service-type ?
  dot1x     802.1X user
  ftp       FTP user
  ppp       Indicate PPP user
  ssh       SSH user
  telnet    Telnet user
  terminal  Terminal user
  web       Web authentication user
[USG5100-aaa]local-user admin service-type ssh web telnet

As shown in the preceding method, only the SSH, web, and Telnet services are enabled for the admin account. Services can be enabled as required.

Disabling the Telnet or SSH service on the USG2000&5000&6000
Perform the following steps to disable the Telnet or SSH service on the USG2000&5000&6000:

1. Disable the Telnet service.
<USG> system-view
Enter system view, return user view with Ctrl+Z.
[USG]undo telnet server enable

2. Disable the SSH service.
system
Enter system view, return user view with Ctrl+Z.
[USG]undo stelnet server enable

Configuring the USG2000&5000 to allow only login through SSH from the extranet
Configure the USG2000&5000 to allow only login through SSH from the extranet as follows:
Configuration roadmap:

1. Create an SSH user on the USG.

2. Generate a local key pair on the USG.

3. Enable the STelnet/SFTP service on the USG.

4. Log in to the USG through the client.

Changing the Telnet/SSH login timeout period on the USG2000&5000&6000
Change the Telnet/SSH login timeout period on the USG2000&5000&6000 as follows:

Set the login timeout period for the Telnet/SSH user. For example, set the login timeout period for the Telnet user to 1 minute and 30 seconds:
system-view
[sysname] user-interface vty 0 4
[sysname-ui-vty0-4] idle-timeout 1 30
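The settings covered in the answers above (Telnet disabled, STelnet enabled, per-user service-type and access-limit, VTY idle-timeout) can be checked together before a change is applied. The following is an added example, not Huawei code: the `audit` function, the `SAMPLE` text, the indented layout of sub-view commands, and treating a missing explicit idle-timeout as a finding are all assumptions made for illustration.

```python
import re

# Constructed sample: command lines in the form shown on this page, with sub-view
# commands indented under their view (an assumption, not a real device dump).
SAMPLE = """\
telnet server enable
stelnet server enable
aaa
 local-user admin1 service-type ssh
 local-user admin1 access-limit 1
 local-user admin service-type ssh web telnet
user-interface vty 0 4
 idle-timeout 1 30
"""

def audit(config_text):
    """Return sorted findings that conflict with SSH-only management access."""
    services, limited = {}, set()      # user -> service types; users with access-limit
    telnet_on = stelnet_on = in_vty = vty_timeout = False
    for raw in config_text.splitlines():
        line = " ".join(raw.split())   # collapse repeated spaces
        if not line:
            continue
        if not raw[0].isspace():       # an unindented line starts a new view
            in_vty = line.startswith("user-interface vty")
        undo = line.startswith("undo ")
        cmd = line[5:] if undo else line
        if cmd == "telnet server enable":
            telnet_on = not undo
        elif cmd == "stelnet server enable":
            stelnet_on = not undo
        elif in_vty and line.startswith("idle-timeout "):
            vty_timeout = True
        m = re.match(r"local-user (\S+) service-type (.+)", line)
        if m:
            services[m.group(1)] = set(m.group(2).split())
        m = re.match(r"local-user (\S+) access-limit \d+", line)
        if m:
            limited.add(m.group(1))
    checks = [(telnet_on, "telnet server enabled"),
              (not stelnet_on, "stelnet server not enabled"),
              (not vty_timeout, "vty: no explicit idle-timeout")]
    findings = [msg for failed, msg in checks if failed]
    for user, svc in services.items():
        if "telnet" in svc:
            findings.append(f"{user}: telnet service-type allowed")
        if "ssh" in svc and user not in limited:
            findings.append(f"{user}: no access-limit")
    return sorted(findings)
```

Calling `audit(SAMPLE)` flags the Telnet server and the `admin` account, which still carries the `telnet` service type and has no `access-limit`.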
