Configuring a client public key manually – H3C Technologies H3C S7500E Series Switches User Manual

11-7

This configuration task is only necessary for SSH users using publickey authentication.

For each SSH user that uses publickey authentication to login, you must configure the client’s DSA or

RSA host public key on the server, and configure the client to use the corresponding host private key.

To configure the public key of an SSH client, you can:

z

Configure it manually: You can input or copy the public key to the SSH server. The public key

must have not been converted and be in the distinguished encoding rules (DER) encoding format.

z

Import it from the public key file: During the import process, the system will automatically convert

the public key to a string coded using the Public Key Cryptography Standards (PKCS). Before

importing the public key, you must upload the public key file (in binary) to the local host through

FTP or TFTP.

z

You are recommended to configure a client public key by importing it from a public key file.

z

You can configure at most 20 client public keys on an SSH server.

Configuring a client public key manually

Follow these steps to configure the client public key manually:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter public key view

public-key peer keyname

—

Enter public key code view

public-key-code begin

—

Configure a client public key

Enter the content of the public key

Required

Spaces and carriage returns are

allowed between characters.

Return from public key code view

to public key view

public-key-code end

—

When you exit public key code

view, the system automatically

saves the public key.

Return from public key view to

system view

peer-public-key end

—