H3C S5600 Series Operation Manual page 1014

Operation Manual – SSH
H3C S5600 Series Ethernet Switches
Establishing the connection between the
SSH client and server
I. Configuring the SSH client for publickey authentication
When the authentication mode is publickey, you need to configure the RSA or DSA
public key of the client on the server:
To generate a key pair on the client, refer to
To export the RSA or DSA public key of the client, refer to
DSA Public
To configure the public key of a client on the server, refer to
Key of a Client on the
II. Configuring whether first-time authentication is supported
When the device connects to the SSH server as an SSH client, you can configure
whether the device supports first-time authentication.
With first-time authentication enabled, an SSH client that is not configured with the
server host public key can continue accessing the server when it accesses the
server for the first time, and it will save the host public key on the client for use in
subsequent authentications.
With first-time authentication disabled, an SSH client that is not configured with the
server host public key will be denied of access to the server. To access the server,
a user must configure in advance the server host public key locally and specify the
public key name for authentication.
Table 1-15 Follow these steps to enable the device to support first-time authentication:
To do...
Enter system view
Enable the device to
support first-time
authentication
Task
Key.
Server.
Use the command...
system-view
ssh client first-time
enable
1-23
Chapter 1 SSH Configuration
Remarks
Required
Generating/Destroying Key
Exporting the RSA or
Configuring the Public
Remarks
—
Optional
By default, the client is
enabled to run first-time
authentication.
Pairs.