Enabling and disabling first-time authentication
When the device works as an SSH client and connects to the SSH server, you can configure whether the device supports first-time authentication.
When a client not configured with the server host public key accesses the server for the first time, one of the following conditions exists:

- If first-time authentication is disabled, the client refuses to access the server. To enable the client to access the server, you must complete the following tasks in advance:
  - Configure the server host public key locally.
  - Specify the public key name for authentication on the client.
- If first-time authentication is enabled, the client accesses the server, and saves the server's host public key locally. When accessing the server next time, the client uses the locally saved server host public key to authenticate the server.

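In a secure network, enabling first-time authentication simplifies client configuration. It also brings potential security risks, because the client saves the host public key presented on first access without checking it against a locally configured key.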
Enabling first-time authentication
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable first-time authentication. | ssh client first-time [ enable ] | Optional. Enabled by default. |
Disabling first-time authentication
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Disable first-time authentication. | undo ssh client first-time | Enabled by default. |
3. Configure the server host public key. | The method for configuring the server host public key on the client is similar to that for configuring a client public key on the server. | |
4. Specify the host public key name of the server. | ssh client authentication server server assign publickey keyname | N/A |
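
The following Python check is an added example, not part of the original guide or any vendor tooling. It reads device configuration text and reports whether first-time authentication is in effect and which servers have an assigned host public key. It assumes the configuration text lists the commands in the form the tables above show; the device names, addresses and key names are constructed.

```python
import re

# Constructed sample configurations, not taken from a real device. Assumption:
# the saved configuration lists the commands in the form the tables above show.
SAMPLE_CONFIGS = {
    "sw-default": "sysname sw-default\n"
                  "ssh client authentication server 192.0.2.10 assign publickey srv10\n",
    "sw-pinned": "undo ssh client first-time\n"
                 "ssh client authentication server 192.0.2.10 assign publickey srv10\n"
                 "ssh client authentication server 192.0.2.11 assign publickey srv11\n",
    "sw-locked-out": "sysname sw-locked-out\nundo ssh client first-time\n",
}
BINDING = re.compile(
    r"^ssh client authentication server (\S+) assign publickey (\S+)$")


def audit(config_text):
    """Return (first_time_enabled, {server: keyname}, findings)."""
    first_time = True  # enabled by default, per the Remarks column
    bindings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "undo ssh client first-time":
            first_time = False
        elif line in ("ssh client first-time", "ssh client first-time enable"):
            first_time = True
        elif (m := BINDING.match(line)):
            bindings[m.group(1)] = m.group(2)
    findings = []
    if first_time:
        findings.append("first-time authentication enabled: a server with no "
                        "assigned key is accepted and saved on first contact")
    elif not bindings:
        findings.append("first-time authentication disabled and no server key "
                        "assigned: the client refuses every server")
    return first_time, bindings, findings


if __name__ == "__main__":
    for name, text in SAMPLE_CONFIGS.items():
        enabled, bindings, findings = audit(text)
        print(f"{name}: first-time={enabled} bindings={bindings}")
        for finding in findings:
            print("  finding:", finding)
```

A device with no `undo ssh client first-time` line is reported as enabled, because the setting is on by default and the absence of the command is the finding.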