beautypg.com

Configuring whether first-time, Authentication is supported – H3C Technologies H3C S3600 Series Switches User Manual

Page 912

background image

1-22

z

To configure the public key of a client on the server, refer to

Configuring the Public Key of a Client

on the Server

.

Configuring whether first-time authentication is supported

When the device connects to the SSH server as an SSH client, you can configure whether the device

supports first-time authentication.

z

With first-time authentication enabled, an SSH client that is not configured with the server host

public key can continue accessing the server when it accesses the server for the first time, and it

will save the host public key on the client for use in subsequent authentications.

z

With first-time authentication disabled, an SSH client that is not configured with the server host

public key will be denied of access to the server. To access the server, a user must configure in

advance the server host public key locally and specify the public key name for authentication.

Follow these steps to enable the device to support first-time authentication:

To do...

Use the command...

Remarks

Enter system view

system-view

Enable the device to support
first-time authentication

ssh client first-time enable

Optional

By default, the client is enabled
to run first-time authentication.

Follow these steps to disable first-time authentication support:

To do...

Use the command...

Remarks

Enter system view

system-view

Disable first-time authentication
support

undo ssh client first-time

Required

By default, the client is enabled
to run first-time authentication.

Configure server public key

Refer to

Configuring the Public

Key of a Client on the Server

Required

The method of configuring
server public key on the client is
similar to that of configuring
client public key on the server.

Specify the host key name of
the server

ssh client {

server-ip |

server-name

} assign

publickey keyname

Required

With first-time authentication enabled, an SSH client that is not configured with the SSH server's host

public key saves the host public key sent by the server without authenticating the server. Attackers may

exploit the vulnerability to initiate man-in-middle attacks by acting as an SSH server. Therefore, it is

recommended to disable first-time authentication unless you are sure that the SSH server is reliable.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: