Ssh Client Knownhost - Cisco NCS 5000 Series Manual

ssh client knownhost

ssh client knownhost
To authenticate a server public key (pubkey), use the ssh client knownhost command. To disable authentication
of a server pubkey, use the no form of this command.
ssh client knownhost device:/filename
no ssh client knownhost device:/filename
Syntax Description
device:/ filename
Command Default
None
Command Modes
XR Config mode
Command History
Release
Release 6.0
Usage Guidelines
The server pubkey is a cryptographic system that uses two keys at the client end—a public key known to
everyone and a private, or secret, key known only to the owner of the keys. In the absence of certificates, the
server pubkey is transported to the client through an out-of-band secure channel. The client stores this pubkey
in its local database and compares this key against the key supplied by the server during the early stage of
key negotiation for a session-building handshake. If the key is not matched or no key is found in the local
database of the client, users are prompted to either accept or reject the session.
The operative assumption is that the first time the server pubkey is retrieved through an out-of-band secure
channel, it is stored in the local database. This process is identical to the current model adapted by Secure
Shell (SSH) implementations in the UNIX environment.
Task ID
Task ID
crypto
Examples The following sample output is from the ssh client knownhost command:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# ssh client knownhost disk0:/ssh.knownhost
RP/0/RP0/CPU0:router(config)# commit
System Security Command Reference for Cisco NCS 5000 Series Routers
166
Complete path of the filename (for example, slot0:/server_pubkey). The
colon (:) and slash (/) are required.
Operations
read, write
Secure Shell Commands
Modification
This command was introduced.