Necesitamos saber la version que estas utilizando, ya que existen algunas diferencias entre algunas versiones. Y claro tiene que ver mucho si es un AR o un NE. Te comparto a continuacion la informacion de un NE.
Difference in SSH Between V3R1 and V3R2
Publication Date: 2012-07-27 Views: 118 Downloads: 0
Issue Description
After the NE40E is upgraded from V3R1 to V3R2, the device cannot be accessed through SSH with a trap record saying that the SSH server denies the access.
Version before the upgrade: NE40E&80E V300R001C01B052.
Version after the upgrade: NE40E&80E V300R002C06B323.
Alarm Information
Null
Handling Process
Do as follows to modify the related configuration of the SSH.
The first configuration solution: two configurations are needed to realize SSH.
stelnet server enable
―A newly added command to V3R2. This command is needed for SSH to log in.
ssh authentication-type default password
― Enable this command and then SSH users employ automatically the users created in the aaa without the need to configure ssh user in the system view.
The second configuration solution: Add each SSH user and specify the service type of the user to support stelnet. By doing so, SSH can be realized. For example:
stelnet server enable
ssh user username
ssh user username authentication-type password
ssh user username service-type stelnet
― This command must be configured to select the service type.
Root Cause
The realization of the original V3R1:
There is only one solution: to specify the authentication type as password when adding each SSH user. The configuration of the current network:
aaa
local-user X.X.X.X.X password cipher .;\V:$N$01=B,.\#C3YB91!!
local-user X.X.X.X.X service-type ssh
local-user X.X.X.X.X level 3
ssh user X.X.X.X.X authentication-type password
user-interface vty 0 4
authentication-mode aaa
user privilege level 3
protocol inbound all
The realization of the current V3R2:
The first configuration solution: two configurations are needed to realize SSH.
stelnet server enable
― A newly added command to V3R2. This command is needed for SSH to log in.
ssh authentication-type default password
― Enable this command and then SSH users employ automatically the users created in the aaa without the need to configure ssh user in the system view.
The second configuration solution: Add each SSH user and specify the service type of the user to support stelnet. Thus, SSH can be realized. For example:
stelnet server enable
ssh user username
ssh user username authentication-type password
ssh user username service-type stelnet
― This command must be configured to select the service type.
Because the sftp and stelnet functions are added to the V3R2, the service-type command is added to the configuration for users to choose different service types and to ensure a better security.
Users can choose a solution based on their needs. The application of the two solutions at the same time has the same effect.