The ssh client assign command specifies the host public key of an SSH server on an SSH client.
The undo ssh client assign command cancels the specified host public key of the SSH server on the SSH client.
By default, the host public key of a server is not specified on clients.
ssh client servername assign { rsa-key | dsa-key | ecc-key } keyname
undo ssh client servername assign { rsa-key | dsa-key | ecc-key }
Parameter | Description | Value |
---|---|---|
servername | Specifies the host name or IP address of an SSH server. | The value is a string of 1 to 255 characters without spaces. |
rsa-key | Specifies the RSA public key. | - |
dsa-key | Specifies the DSA public key. | - |
ecc-key | Specifies the ECC public key. | - |
keyname | Specifies the SSH server public key name that has been configured on an SSH client. | The value is a string of 1 to 30 case-insensitive characters without spaces. |
Usage Scenario
If an SSH client connects to an SSH server for the first time and first-time authentication is not enabled on the SSH client using the ssh client first-time enable command, the SSH client must determine whether the server is reliable. To do so, run the ssh client assign command to specify the host public key of the SSH server and the mapping between the key and the SSH server on the SSH client. The client then uses the mapping to select the correct public key and determine whether the server is reliable.
Precautions
The name of the RSA, DSA, or ECC public key to be assigned to the SSH server must be the same as that configured on the SSH client. This public key must have been configured on the SSH server using the rsa peer-public-key, dsa peer-public-key, or ecc peer-public-key command. If either of the preceding conditions is not met, RSA, DSA, or ECC public key authentication of the SSH server fails on the SSH client.
To improve security, it is not recommended that you use RSA or DSA as the authentication algorithm.
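The lookup described under Usage Scenario and the failure cases under Precautions can be modelled as follows. This is an added example, not code from the device or its vendor: the class, method names, result strings, sample address and key bytes are all constructed, and storing keys per key type and comparing raw key bytes are assumptions of the model.

```python
import hmac

class PinnedHostKeys:
    """Client-side tables with first-time authentication disabled (model only)."""
    def __init__(self):
        self.peer_keys = {}  # (key_type, lowercased keyname) -> public key bytes
        self.assigned = {}   # (servername, key_type) -> lowercased keyname

    @staticmethod
    def _check(key_type, value, max_len):
        if key_type not in ("rsa-key", "dsa-key", "ecc-key"):
            raise ValueError("key type must be rsa-key, dsa-key or ecc-key")
        if not 1 <= len(value) <= max_len or any(c.isspace() for c in value):
            raise ValueError(f"{value!r}: need 1 to {max_len} characters, no spaces")

    def add_peer_key(self, key_type, keyname, key_bytes):
        # Stands in for rsa/dsa/ecc peer-public-key; key names are case-insensitive.
        self._check(key_type, keyname, 30)
        self.peer_keys[(key_type, keyname.lower())] = key_bytes

    def assign(self, servername, key_type, keyname):
        # ssh client servername assign { rsa-key | dsa-key | ecc-key } keyname
        self._check(key_type, servername, 255)
        self._check(key_type, keyname, 30)
        self.assigned[(servername, key_type)] = keyname.lower()

    def undo_assign(self, servername, key_type):
        # undo ssh client servername assign { rsa-key | dsa-key | ecc-key }
        self.assigned.pop((servername, key_type), None)

    def verify(self, servername, key_type, presented):
        keyname = self.assigned.get((servername, key_type))
        if keyname is None:
            return "no-assignment"        # default state: nothing specified
        pinned = self.peer_keys.get((key_type, keyname))
        if pinned is None:
            return "key-not-configured"   # assigned name has no stored key
        return "accept" if hmac.compare_digest(pinned, presented) else "mismatch"

def demo():
    # Constructed sample data: placeholder address and bytes, not real keys.
    host, good, other = "192.0.2.10", b"constructed-key-A", b"constructed-key-B"
    c, out = PinnedHostKeys(), []
    out.append(c.verify(host, "ecc-key", good))     # before any assign
    c.assign(host, "ecc-key", "Key01")
    out.append(c.verify(host, "ecc-key", good))     # name assigned, key absent
    c.add_peer_key("ecc-key", "KEY01", good)
    out += [c.verify(host, "ecc-key", good), c.verify(host, "ecc-key", other)]
    c.undo_assign(host, "ecc-key")
    out.append(c.verify(host, "ecc-key", good))
    return out
```

Every result other than "accept" corresponds to the client being unable to confirm that the server is reliable, which is why a missing assignment or an unconfigured key name ends in authentication failure rather than silent trust.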