Enabling and disabling first-time authentication, Enabling first-time authentication, Disabling first-time authentication – H3C Technologies H3C SecBlade LB Cards User Manual
Page 176

165
Step Command
Remarks
2.
Specify a source IP address 
or source interface for the 
Stelnet client.
•
Specify a source IPv4 address or source
interface for the Stelnet client:
ssh client source { interface interface-type 
interface-number | ip ip-address } 
•
Specify a source IPv6 address or source
interface for the Stelnet client: 
ssh client ipv6 source { interface 
interface-type interface-number | ipv6
ipv6-address }
Use either command.
Enabling and disabling first-time authentication
When the device works as an SSH client and connects to the SSH server, you can configure whether the
device supports first-time authentication. 
When a client not configured with the server host public key access the server for the first time: 
•
If first-time authentication is disabled, the client refuses to access the server. To enable the client to 
access the server, you must configure the server host public key locally and specify the public key 
name for authentication on the client in advance.
•
If first-time authentication is enabled, the client accesses the server, and saves the host public key on 
the client. When accessing the server again, the client uses the saved server host public key to 
authenticate the server.
In a secure network, first-time authentication simplifies client configuration, but also brings some potential
security risks.
Enabling first-time authentication
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable first-time 
authentication. 
ssh client first-time enable
Optional. 
Enabled by default. 
Disabling first-time authentication
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Disable first-time
authentication.
undo ssh client first-time
Enabled by default.
3.
Configure the server host 
public key. 
See "
The method for configuring the 
server host public key on the client 
is similar to that for configuring 
client public key on the server.
4.
Specify the host public key
name of the server.
ssh client authentication server 
server assign publickey keyname 
N/A
