beautypg.com

Configuring a client's host public key, Required.) – H3C Technologies H3C S6300 Series Switches User Manual

Page 287

Configuring a client's host public key

If the server uses publickey authentication to authenticate a client, it compares the SSH username and host public key that it receives from the client with those saved locally. If the information is consistent, it verifies the digital signature that the client sends. The client generates the digital signature by using the private key that is associated with the client's host public key.

For SSH servers that use publickey authentication, password-publickey authentication, or any authentication, you must configure the client's DSA, RSA, or ECDSA host public key on the server, and specify the corresponding host private key on the client to generate the digital signature. This allows the client to pass publickey authentication with the correct digital signature. If the device serves as a client, the corresponding host private key is determined by the specified public key algorithm.

You can manually configure the host public key of an SSH client on the server, or import it from the public key file:

Manually configuring the host public key—You can type or copy the client's host public key from the client to the SSH server. The host public key must be in the DER encoding format without being converted. If you use the device to act as the client, you can use the display public-key local public command to display the host public key and copy its contents to the server. A host public key obtained in other ways might be in an incorrect format and cannot be saved on the server. H3C recommends that you import a client's host public key from the public key file of the client.

Importing the host public key—You can upload the client's public key file (in binary) to the server, for example, through FTP or TFTP, and import the host public key from the public key file. During the import process, the server automatically converts the host public key in the public key file to a string in PKCS format.

H3C recommends that you configure no more than 20 SSH client host public keys on an SSH server.

To manually configure a client's host public key:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter public key view. | public-key peer keyname | N/A |
| 3. Configure a client's host public key. | Enter the content of the host public key | When you enter the content for a host public key, you can use spaces and carriage returns between characters. When you save the host public key, spaces and carriage returns are removed automatically. For more information, see "Managing public keys." |
| 4. Return to system view. | peer-public-key end | N/A |
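
An added example (not from the H3C manual): a pre-check an administrator could run on key text before entering it in step 3, so that a clipped or non-DER paste is caught before it is saved. It assumes the key is shown as hexadecimal digits of the DER encoding; the function names and the sample key are constructed for illustration.

```python
import hashlib

def normalize_key_text(pasted: str) -> bytes:
    """Drop spaces and line breaks, then decode the hex digits to bytes."""
    return bytes.fromhex("".join(pasted.split()))  # ValueError on stray characters

def der_outer_length(der: bytes) -> int:
    """Total size (header + content) declared by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("data does not start with a DER SEQUENCE (0x30)")
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("indefinite, oversized or truncated length field")
    length = int.from_bytes(der[2:2 + n], "big")
    if length < 0x80 or der[2] == 0:      # DER demands the shortest encoding
        raise ValueError("non-minimal length encoding (BER, not DER)")
    return 2 + n + length

def check_pasted_key(pasted: str) -> str:
    """Validate the outer DER framing; return a SHA-256 digest of the bytes.

    The digest is only for comparing two copies of the same key text (client
    side vs. server side); it is not an OpenSSH-style fingerprint.
    """
    der = normalize_key_text(pasted)
    declared = der_outer_length(der)
    if declared != len(der):
        raise ValueError(f"declared {declared} bytes, received {len(der)}")
    return hashlib.sha256(der).hexdigest()

# Constructed sample: ECDSA P-256 SubjectPublicKeyInfo header plus 64 filler
# bytes standing in for the curve point (not a real key).
SAMPLE_DER = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d030107034200" "04") + bytes(range(64))
HEX = SAMPLE_DER.hex().upper()
GROUPS = [HEX[i:i + 8] for i in range(0, len(HEX), 8)]
# Same key as it might look when pasted: grouped, wrapped, CRLF line ends.
SAMPLE_PASTE = "\r\n".join(" ".join(GROUPS[i:i + 6]) for i in range(0, len(GROUPS), 6))

if __name__ == "__main__":
    print(check_pasted_key(SAMPLE_PASTE))
    try:
        check_pasted_key(SAMPLE_PASTE[:-10])   # simulate a clipped copy/paste
    except ValueError as err:
        print("rejected:", err)
```

Running the same check on the client's copy and on the text about to be entered on the server gives matching digests only when nothing was lost or altered in between.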

To import a client's host public key from a public key file:

| Step | Command |
|---|---|
| 1. Enter system view. | system-view |