Configuring Telnet and SSH on the USG6000

14

Configure Telnet and SSH on the USG6000 as follows:

1. Set the administrator IP addresses that can access the device remotely. The administrator cannot use IP addresses that are not specified in the ACL to remotely access the device through Telnet or SSH.

2. Configure connection number limit on the VTY administrator interface. Limit the number of concurrent remote login sessions on the device to avoid occupying two many system resources, facilitate centralized operation and maintenance, and ensure normal operation when a fault occurs.

3. Configure login through Telnet or SSH.

Other related questions:
Enabling or disabling the Telnet or SSH function on the USG6000
Enable or disable the Telnet or SSH function on the USG6000 as follows: 1. Run the following commands in the CLI to enable or disable the Telnet or SSH function: sy [USG6600-1]aaa [USG6600-1-aaa]manager-user admin [USG6600-1-aaa-manager-user-admin]service-type ? ftp FTP user ssh SSH user telnet Telnet user terminal Terminal user web Web authentication user [USG6600-1-aaa-manager-user-admin]service-type ft [USG6600-1-aaa-manager-user-admin]service-type ftp ssh te [USG6600-1-aaa-manager-user-admin]service-type ftp ssh terminal After you run the preceding commands, the admin account has only the ftp ssh terminal permission but not the telnet web permission.

How to modify default SSH and Telnet ports on U1980
The default SSH and Telnet ports on the U1900 series gateways cannot be modified.

Setting the SSH password on the USG6000
Login through SSH improves the security of data transmission. Therefore, you are advised to log in through SSH. In addition, you are advised to use AAA for authentication. 1. Set the administrator IP addresses that can access the device remotely. The administrator cannot use IP addresses that are not specified in the ACL to remotely access the device through SSH. 2. Configure connection number limit on the VTY administrator interface. 3. Set the administrator account and password for login through SSH. system-view [sysname] aaa [sysname-aaa] manager-user admin1 [sysname-aaa-manager-user-admin1] ssh authentication-type password [sysname-aaa-manager-user-admin1] password Enter Password: Confirm Password: [sysname-aaa-manager-user-admin1] service-type ssh [sysname-aaa-manager-user-admin1] level 3 [sysname-aaa-manager-user-admin1] access-limit 1 4. Enable the STelnet service on the device. 5. Set the client service mode of the SSH account to STelnet.

Disabling the Telnet or SSH service on the USG2000&5000&6000
USG2000&5000& Perform as follows to disable the Telnet or SSH service:
1.  Disable the Telnet service.
<USG> system-VIEW
Enter system view, return user view with Ctrl+Z.  
[USG]undo telnet  server  enable 

2.  Disable the SSH service.
system 
Enter system view, return user view with Ctrl+Z.  
[USG]undo stelnet server  enable

Method for configuring Telnet login to the USG6000 series
To understand how to log in to the USG6000 series through Telnet, log in to Huawei Enterprise Service Support website, view or download the product document based on the product model and version, and search the product document for the following case: Configuring Telnet Login to the CLI.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top