R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
153
Configuring whether first-time authentication is supported
When the device connects to the SSH server as an SSH client, you can configure whether the device
supports first-time authentication.
• With first-time authentication, when an SSH client not configured with the server host public key
accesses the server for the first time, the user can continue accessing the server, and save the host
public key on the client. When accessing the server again, the client will use the saved server host
public key to authenticate the server.
• Without first-time authentication, a client not configured with the server host public key will refuse to
access the server. To enable the client to access the server, you must configure the server host public
key and specify the public key name for authentication on the client in advance.
Enable the device to support first-time authentication
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the device to support
first-time authentication.
ssh client first-time enable
Optional.
By default, first-time authentication
is supported on a client.
Disable first-time authentication
For successful authentication of an SSH client not supporting first-time authentication, the server host
public key must be configured on the client and the public key name must be specified.
To disable first-time authentication:
Ste
p
Command
Remarks
1. Enter system view. system-view N/A
2. Disable first-time
authentication support.
undo ssh client first-time
By default, first-time authentication
is supported on a client.
3. Configure the server host
public key.
See "Configuring a client public
key"
The method for configuring the
server host public key on the client
is similar to that for configuring
client public key on the server.
4. Specify the host public key
name of the server.
ssh client authentication server
server assign publickey keyname
N/A