HP VPN Firewall Appliances System Management and Maintenance Command Reference

Usage guidelines
If the client does not support first-time authentication, it will reject unauthenticated servers. In this case,
you need to configure the public keys of the servers and specify the mappings between public keys and
servers on the client, so that the client uses the correct public key of a server to authenticate the server.
The specified host public key of the server must already exist.
Examples
# Configure the public key of the server at 192.168.0.1 to be key1.
<Sysname> system-view
[Sysname] ssh client authentication server 192.168.0.1 assign publickey key1
Related commands
ssh client first-time enable
ssh client first-time enable
Use ssh client first-time enable to enable the first-time authentication function.
Use undo ssh client first-time to disable the function.
Syntax
ssh client first-time enable
undo ssh client first-time
Default
The function is enabled.
Views
System view
Default command level
2: System level
Usage guidelines
Without first-time authentication, a client that is not configured with the server's host public key cannot
access the server. To access the server, a user must first configure the server's host public key locally and
specify the public key name for authentication.
With first-time authentication, when an SSH client not configured with the server's host public key
accesses the server for the first time, the user can continue accessing the server, and save the server's host
public key on the client. When accessing the server again, the client uses the saved server host public key
to authenticate the server.
Because the server might update its key pairs periodically, a client must obtain the most recent host public
key of the server for successful authentication of the server.
Examples
# Enable the first-time authentication function.
<Sysname> system-view
[Sysname] ssh client first-time enable
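The decision logic from the usage guidelines above, as an added Python model (not HP's code and not part of the original reference). All class, function, and key names are hypothetical; the model assumes the user chooses to continue on first contact and that a presented key differing from the stored one fails authentication.

```python
from enum import Enum

# Constructed sample key blobs (placeholders, not real host keys).
KEY_V1 = b"constructed-host-key-v1"
KEY_V2 = b"constructed-host-key-v2"   # server after a key pair update


class Verdict(Enum):
    ACCEPT = "key matches the configured or saved key"
    ACCEPT_AND_SAVE = "first-time authentication: key saved without verification"
    REJECT_UNKNOWN = "no key for this server and first-time authentication is off"
    REJECT_MISMATCH = "presented key differs from the stored key"


class SshClientModel:
    """Hypothetical model of the client-side decision, not device code."""

    def __init__(self, first_time_enabled=True):  # the page's default: enabled
        self.first_time_enabled = first_time_enabled
        self.public_keys = {}   # key name -> key blob
        self.server_keys = {}   # server address -> key name

    def assign(self, server, key_name, key_blob):
        """Model of configuring a host key and mapping it to a server."""
        self.public_keys[key_name] = key_blob
        self.server_keys[server] = key_name

    def authenticate_server(self, server, presented):
        key_name = self.server_keys.get(server)
        if key_name is None:
            if not self.first_time_enabled:
                return Verdict.REJECT_UNKNOWN
            # Nothing vouches for this key: whoever answers first gets saved.
            self.assign(server, "saved-" + server, presented)
            return Verdict.ACCEPT_AND_SAVE
        if self.public_keys[key_name] == presented:
            return Verdict.ACCEPT
        return Verdict.REJECT_MISMATCH  # assumption: a stale stored key fails


def rotation_scenario(first_time_enabled):
    """First contact, reconnect, then reconnect after the server changes keys."""
    client = SshClientModel(first_time_enabled)
    return [client.authenticate_server("192.168.0.1", key)
            for key in (KEY_V1, KEY_V1, KEY_V2)]


if __name__ == "__main__":
    for mode in (True, False):
        print(mode, [v.name for v in rotation_scenario(mode)])
```

With first-time authentication enabled, the first connection saves whatever key is presented, so the saved key is only as trustworthy as that first connection. With it disabled, only a server whose key was assigned in advance is accepted.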