The ssh user assign command assigns one existing public key (key-name) to the user.
The undo ssh user assign command deletes the relationship between the user and its public key.
By default, no public key is assigned to SSH users.
ssh user user-name assign { rsa-key | dsa-key | ecc-key } key-name
undo ssh user user-name assign { rsa-key | dsa-key | ecc-key }
| Parameter | Description | Value |
|---|---|---|
| user-name | Specifies the valid SSH user name defined by AAA. | The name is a string of 1 to 253 case-insensitive characters without a blank space. |
| rsa-key | Indicates the RSA key. | - |
| dsa-key | Indicates the DSA key. | - |
| ecc-key | Indicates the ECC key. | - |
| key-name | Specifies the configured public key name of the client. | The name is a string of 1 to 30 case-insensitive characters without a blank space. |
Usage Scenario
When the server authenticates an SSH user on the client using the Rivest-Shamir-Adleman Algorithm (RSA), Digital Signature Algorithm (DSA) or Elliptic Curve Cryptography (ECC) authentication mode, the server asks for an RSA public key and assigns the RSA, DSA or ECC public key to the SSH user.
When the system assigns a public key to a user, the system regards the public key assigned last as valid.
When a user is assigned a public key, and the specified name user-name does not exist, the user can create an SSH user with the name user-name. The authentication mode is the configured one.
The newly configured user public key takes effect during the next login.
Prerequisites
The RSA, DSA, or ECC public key on the SSH client must be valid.
To improve security, it is recommended that you use ECC as the public key.
# Assign "key1" to the user "user1".
<sysname> system-view
[sysname] ssh user user1 assign rsa-key key1
# Assign the DSA public key "pemkey" to the user with the IP address of 10.1.1.1.
<sysname> system-view
[sysname] ssh user 10.1.1.1 assign dsa-key pemkey
# Assign the ECC public key "ecckey" to the user with the IP address of 10.1.1.2.
<sysname> system-view
[sysname] ssh user 10.1.1.2 assign ecc-key ecckey
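Added example (not part of the original command reference): a Python audit that replays ssh user ... assign lines from a saved configuration or session capture, applies the rule that the key assigned last is the valid one, and lists users whose effective key is not ECC. It assumes one effective key per user and that undo removes an assignment only when the key type matches; the sample input, including admin2, key2 and key3, is constructed.

```python
import re

# Syntax from the command reference above; names contain no blank space.
ASSIGN = re.compile(
    r"^(?P<undo>undo\s+)?ssh\s+user\s+(?P<user>\S+)\s+assign\s+"
    r"(?P<type>rsa-key|dsa-key|ecc-key)(?:\s+(?P<key>\S+))?$",
    re.IGNORECASE,
)

def effective_keys(config_text):
    """Return {user: (key_type, key_name)} after replaying the commands in order."""
    state = {}
    for raw in config_text.splitlines():
        # Drop a CLI prompt such as "[sysname]" if the input is a session capture.
        line = re.sub(r"^[\[<][^\]>]*[\]>]\s*", "", raw.strip())
        m = ASSIGN.match(line)
        if not m:
            continue
        user = m["user"].lower()              # user names are case-insensitive
        ktype = m["type"].lower()
        if not 1 <= len(user) <= 253:         # length limit from the parameter table
            continue
        if m["undo"]:
            # Assumption: undo removes the assignment only if the type matches.
            if m["key"] is None and state.get(user, (None,))[0] == ktype:
                del state[user]
        elif m["key"] and len(m["key"]) <= 30:
            state[user] = (ktype, m["key"].lower())   # key assigned last is valid
    return state

def non_ecc_users(config_text):
    """Users whose effective key is not ECC, the type the page recommends."""
    keys = effective_keys(config_text)
    return sorted(u for u, (t, _) in keys.items() if t != "ecc-key")

# Constructed sample, built from the command forms shown in this reference.
SAMPLE = """\
[sysname] ssh user user1 assign rsa-key key1
[sysname] ssh user 10.1.1.1 assign dsa-key pemkey
[sysname] ssh user 10.1.1.2 assign ecc-key ecckey
[sysname] ssh user USER1 assign ecc-key key2
[sysname] ssh user admin2 assign rsa-key key3
[sysname] undo ssh user admin2 assign rsa-key
"""

if __name__ == "__main__":
    for user, (ktype, key) in sorted(effective_keys(SAMPLE).items()):
        print(f"{user}: {ktype} {key}")
    print("not using ECC:", non_ecc_users(SAMPLE))
```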