Configuring a client's host public key, Required.) – H3C Technologies H3C S6300 Series Switches User Manual
Page 287
272
Configuring a client's host public key
If the server uses publickey authentication to authentication a client, it compares the SSH username and
host public key that it receives from the client with those locally saved. If the information is consistent, it
verifies the digital signature that the client sends. The client generates the digital signature by using the
private key that is associated with the client's host public key.
For SSH servers that use publickey authentication, password-publickey authentication, or any
authentication, you must configure the client's DSA, RSA, or ECDSA host public key on the server, and
specify the corresponding host private key on the client to generate the digital signature. This makes the
client pass publickey authentication with the correct digital signature. If the device serves as a client,
corresponding host private key is specified by the specified public key algorithm.
You can manually configure the host public key of an SSH client on the server, or import it from the public
key file:
•
Manually configuring the host public key—You can type or copy the client's host public key from
the client to the SSH server. The host public key must be in the DER encoding format without being
converted.
If you use the device to act as the client, you can use the display public-key local public command
to display the host public key and copy its contents to the server. A host public key obtained in
other ways might be in incorrect format and cannot be saved on the server. H3C recommends that
you import a client's host public key from the public key file of the client.
•
Importing the host public key—You can upload the client's public key file (in binary) to the server,
for example, through FTP or TFTP, and import the host public key from the public key file. During the
import process, the server automatically converts the host public key in the public key file to a string
in PKCS format.
H3C recommends that you configure no more than 20 SSH client host public keys on an SSH server.
To manually configure a client's host public key:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter public key view.
public-key peer keyname N/A
3.
Configure a client's host
public key.
Enter the content of the host public
key
When you enter the content for a
host public key, you can use
spaces and carriage returns
between characters. When you
save the host public key, spaces
and carriage returns are removed
automatically.
For more information, see
"
."
4.
Return to system view.
peer-public-key end N/A
To import a client's host public key from a public key file:
Step Command
1.
Enter system view.
system-view