H3C S5500-EI series Operation Manual page 1368

Operation Manual – SSH
H3C S5500-EI Series Ethernet Switches
With first-time authentication, when an SSH client not configured with the server
host public key accesses the server for the first time, the user can continue
accessing the server, and save the host public key on the client for use in
subsequent authentications.
Without first-time authentication, a client not configured with the server host public
key will be denied of access to the server. To access the server, a user must
configure in advance the server host public key locally and specify the public key
name for authentication.
I. Enable the device to support first-time authentication
Follow these steps to enable the device to support first-time authentication:
Enter system view
Enable the device to
support first-time
authentication
II. Disable first-time authentication
For successful authentication of an SSH client not supporting first-time authentication,
the server host public key must be configured on the client and the public key name
must be specified.
Follow these steps to disable first-time authentication:
Enter system view
Disable first-time
authentication support
Configure the server
public key
Specify the host public
key name of the server
To do...
system-view
ssh client first-time enable
To do...
system-view
undo ssh client first-time
Refer to
Client Public Key
ssh client authentication
server server assign
publickey keyname
Use the command...
Use the command...
1.2.5 Configuring a
1-14
Chapter 1 SSH Configuration
Remarks
—
Optional
By default, first-time
authentication is
supported on a client.
Remarks
—
Optional
By default, first-time
authentication is
supported on a client.
Required
The method of configuring
server public key on the
client is similar to that of
configuring client public
key on the server.
Required