Configuring whether first-time authentication is supported
When the switch acts as an SSH client and connects to the SSH server, you can configure whether the switch supports first-time authentication.
With first-time authentication, when an SSH client not configured with the server host public key accesses the server for the first time, the user can continue accessing the server, and save the host public key on the client. When accessing the server again, the client will use the saved server host public key to authenticate the server.
Without first-time authentication, a client not configured with the server host public key will refuse to access the server. To enable the client to access the server, you must configure the server host public key and specify the public key name for authentication on the client in advance.
Enabling the switch to support first-time authentication
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable the switch to support first-time authentication. | ssh client first-time [ enable ] | Optional. By default, first-time authentication is supported on a client. |
Disabling first-time authentication
For successful authentication of an SSH client not supporting first-time authentication, the server host public key must be configured on the client and the public key name must be specified.
To disable first-time authentication:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Disable first-time authentication support. | undo ssh client first-time | By default, first-time authentication is supported on a client. |
3. Configure the server host public key. | The method for configuring the server host public key on the client is similar to that for configuring client public key on the server. | |
4. Specify the host public key name of the server. | ssh client authentication server server assign publickey keyname | N/A |