Ssh Client Knownhost - Cisco CRS User Manual

ssh client knownhost

ssh client knownhost
To authenticate a server public key (pubkey), use the ssh client knownhost command. To disable authentication
of a server pubkey, use the no form of this command.
ssh client knownhost device:/filename
no ssh client knownhost device:/filename
Syntax Description
device:/ filename
Command Default
None
Command Modes
Global configuration
Command History
Release
Release 2.0
Usage Guidelines
The server pubkey is a cryptographic system that uses two keys at the client end—a public key known to
everyone and a private, or secret, key known only to the owner of the keys. In the absence of certificates, the
server pubkey is transported to the client through an out-of-band secure channel. The client stores this pubkey
in its local database and compares this key against the key supplied by the server during the early stage of
key negotiation for a session-building handshake. If the key is not matched or no key is found in the local
database of the client, users are prompted to either accept or reject the session.
The operative assumption is that the first time the server pubkey is retrieved through an out-of-band secure
channel, it is stored in the local database. This process is identical to the current model adapted by Secure
Shell (SSH) implementations in the UNIX environment.
Task ID
Task ID
crypto
Examples The following sample output is from the ssh client knownhost command:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# ssh client knownhost disk0:/ssh.knownhost
RP/0/RP0/CPU0:router(config)# commit
Cisco IOS XR System Security Command Reference for the Cisco CRS Router, Release 4.1
272
Complete path of the filename (for example, slot0:/server_pubkey). The
colon (:) and slash (/) are required.
Modification
This command was introduced.
Operations
read, write
Secure Shell Commands
OL-24740-01