beautypg.com

H3C Technologies H3C WX3000 Series Unified Switches User Manual

Page 491

background image

46-19

To do…

Use the command…

Remarks

Enter system view

system-view

Enable the device to support
first-time authentication

ssh client first-time enable

Optional
By default, the client is enabled to
run initial authentication.

Follow these steps to disable first-time authentication support:

To do…

Use the command…

Remarks

Enter system view

system-view

Disable first-time authentication
support

undo ssh client first-time

Required
By default, the client is enabled to
run first-time authentication.

Configure server public key

Refer to

Configuring the Client

Public Key on the Server

Required
The method of configuring server
public key on the client is similar to
that of configuring client public key
on the server.

Specify the host key name of the
server

ssh client

{ server-ip |

server-name

} assign { publickey

| rsa-key } keyname

Required

Establish the connection between the SSH client and server

The client’s method of establishing an SSH connection to the SSH server varies with authentication
types. See the table below for details.

Follow these steps to establish an SSH connection:

To do…

Use the command…

Remarks

Enter system view

system-view

Start the client to establish a
connection with an SSH server

ssh2

{ host-ip | host-name }

[ port-num ] [ identity-key { dsa |
rsa

} | prefer_kex { dh_group1 |

dh_exchange_group

} |

prefer_ctos_cipher

{ des |

aes128

} | prefer_stoc_cipher

{ des | aes128 } |
prefer_ctos_hmac

{ sha1 |

sha1_96

| md5 | md5_96 } |

prefer_stoc_hmac

{ sha1 |

sha1_96

| md5 | md5_96 } ] *

Required
In this command, you can also
specify the preferred key exchange
algorithm, encryption algorithms
and HMAC algorithms between the
server and client.
HMAC: Hash-based message
authentication code
Note that:
The identity-key keyword is
unnecessary in password
authentication and optional in
public key authentication.

When logging into the SSH server using public key authentication, an SSH client needs to read the local
private key for authentication. As two algorithms (RSA or DSA) are available, the identity-key keyword
must be used to specify one algorithm in order to get the correct private key.

See also other documents in the category H3C Technologies Routers: