Configuring the public key of a peer – H3C Technologies H3C S7500E Series Switches User Manual

11-4

Configuring the Public Key of a Peer

To enable your local host to authenticate a remote host, configure the RSA or DSA public key of

that peer on the local host by following either of the methods:

z

Configure it manually: View the peer's host public key by the display command or other

means on the remote host and record the public key. On the local host, input or copy the

key data in public key code view.

z

Import it from a public key file: Obtain a copy of the peer's public key file through FTP or

TFTP (in binary mode) first, and then import the public key from the file. During the import

process, the system automatically converts the public key to a string in PKCS (Public Key

Cryptography Standards) format.

z

If you choose to input the public key manually, be sure to input it in the correct format. The

key data displayed by the display public-key local public command meets the format

requirements. The public key displayed in other methods may not meet the format

requirements. A format-incompliant key cannot be saved. Thus, you are recommended to

configure the public key of the peer by importing it from a public key file.

z

The device supports up to 20 host pubic keys of peers.

Follow these steps to configure the public key of a peer manually:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Specify a name for a peer's host

public key and enter public key

view

public-key peer keyname

Required

Enter public key code view

public-key-code begin

—

Configure the public key of the

peer

Type or copy the key

Required

Spaces and carriage returns are

allowed between characters.

Return to public key view

public-key-code end

Required

When you exit public key code

view, the system automatically

saves the public key.

Return to system view

peer-public-key end

—