Setting the SSH password on the USG2000&5000

15

Login through SSH improves the security of data transmission. Therefore, you are advised to log in through SSH. In addition, you are advised to use AAA for authentication.
1. Set the administrator IP addresses that can access the device remotely. The administrator cannot use IP addresses that are not specified in the ACL to remotely access the device through SSH.
2. Configure connection number limit on the VTY administrator interface.
3. Set the administrator account and password for login through SSH.
system-view
[sysname] ssh user admin1
[sysname] ssh user admin1 authentication-type password
[sysname] aaa
[sysname-aaa] local-user admin1 password cipher *********
[sysname-aaa] local-user admin1 service-type ssh
[sysname-aaa] local-user admin1 level 3
[sysname-aaa] local-user admin1 access-limit 1
4. Enable the STelnet service on the device.
5. Set the client service mode of the SSH account to STelnet.

Other related questions:
Setting the console password on the USG2000&5000
For the login through the console port, the account and password must be set. 1. During the first log, use the default account (admin) and password (Admin@123) of the console port. 2. To prevent an unauthorized user to access the device with the default account and password, you are advised to change this password after your first login to the device. system-view [sysname] user-interface Console 0 [sysname-ui-Console0] authentication-mode local user admin password cipher *********

Configuring SSH on the USG2000&5000
Configure SSH on the USG2000&5000 as follows: Configuration roadmap: USG_A serves as the client, and USG_B as the SSH server. 1. Create an SSH user on USG_B. 2. Generate a local key pair on USG_B. 3. Enable the STelnet/SFTP service on USG_B. 4. Log in to USG_B through USG_A on the client.

Setting the super password for the USG2000&5000
When a lower-level user is switched to a higher-level user, user identity authentication is required to prevent unauthorized access. That is, the password of the higher-level user is required. The super password command can be used to set the password used to switch a lower-level user to a higher-level user. An example is provided for setting the super password. # Configure the password to Abcd@1234 for switching from a lower-level user to a level-3 user. system-view [sysname] super password level 3 cipher Abcd@1234 Note: A configured password cannot be retrieved from the system. You should carefully keep the password in case that you may forget or lose it.

Web password setting for the USG2000&5000 series
The default user name/password for login to the web UI is admin/Admin@123. For system security, as a web administrator, you are advised to change the password after login. system-view [sysname] aaa [sysname-aaa] local-user admin1 password irreversible-cipher ********* [sysname-aaa] local-user admin1 service-type web [sysname-aaa] local-user admin1 level 3

Setting the SSH password on the USG6000
Login through SSH improves the security of data transmission. Therefore, you are advised to log in through SSH. In addition, you are advised to use AAA for authentication. 1. Set the administrator IP addresses that can access the device remotely. The administrator cannot use IP addresses that are not specified in the ACL to remotely access the device through SSH. 2. Configure connection number limit on the VTY administrator interface. 3. Set the administrator account and password for login through SSH. system-view [sysname] aaa [sysname-aaa] manager-user admin1 [sysname-aaa-manager-user-admin1] ssh authentication-type password [sysname-aaa-manager-user-admin1] password Enter Password: Confirm Password: [sysname-aaa-manager-user-admin1] service-type ssh [sysname-aaa-manager-user-admin1] level 3 [sysname-aaa-manager-user-admin1] access-limit 1 4. Enable the STelnet service on the device. 5. Set the client service mode of the SSH account to STelnet.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top