R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution

321

322

323

324

325

326

327

328

329

330

314

Specifying a source IP address or source interface for the

Stelnet client

By default, an Stelnet client uses the IP address of the outbound interface specified by the route to the

Stelnet server as the source IP address to communicate with the Stelnet server. You can change the source

IP address or specify a source interface for the client.

To make sure the Stelnet client and the Stelnet server can communicate with each other, and to improve

the manageability of Stelnet clients in the authentication service, HP recommends that you specify a

loopback interface as the source interface.

To specify a source IP address or source interface for the Stelnet client:

Step Command Remarks

1. Enter system view.

system-view N/A

2. Specify a source IP address

or source interface for the

Stelnet client.

• Specify a source IPv4 address or source

interface for the Stelnet client:

ssh client source { interface interface-type

interface-number | ip ip-address }

• Specify a source IPv6 address or source

interface for the Stelnet client:

ssh client ipv6 source { interface

interface-type interface-number | ipv6

ipv6-address }

Use either command.

Enabling and disabling first-time authentication

When the device works as an SSH client and connects to the SSH server, you can configure whether the

device supports first-time authentication.

When a client not configured with the server host public key access the server for the first time:

• If first-time authentication is disabled, the client refuses to access the server. To enable the client to

access the server, you must configure the server host public key locally and specify the public key

name for authentication on the client in advance.

• If first-time authentication is enabled, the client accesses the server, and saves the host public key on

the client. When accessing the server again, the client uses the saved server host public key to

authenticate the server.

In a secure network, first-time authentication simplifies client configuration, but also brings some potential

security risks.

Enabling first-time authentication

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enable first-time

authentication.

ssh client first-time enable

Optional.

Enabled by default.