beautypg.com

Destroying an asymmetric key pair, Configuring the public key of a peer – H3C Technologies H3C S5120 Series Switches User Manual

Page 514

background image

1-3

Key pairs created with the public-key local create command are saved automatically and can survive

system reboots.

Displaying or Exporting the Local RSA or DSA Host Public Key

Display the local RSA or DSA host public key on the screen or export it to a specified file. Then, you can

configure the local RSA or DSA host public key on the remote end so that the remote end can use the

host public key to authentication the local end through digital signature.

Follow these steps to display or export the local RSA or DSA host public key:

To do…

Use the command…

Remarks

Enter system view

system-view

Display the local RSA host
public key on the screen in a
specified format, or export it to
a specified file

public-key local export rsa
{ openssh | ssh1 | ssh2 }
[ filename ]

Display the local DSA host
public key on the screen in a
specified format, or export it to
a specified file

public-key local export dsa
{ openssh | ssh2 } [ filename ]

Select a command according to
the type of the key to be
exported.

Destroying an Asymmetric Key Pair

An asymmetric key pair may expire or leak. In this case, you need to destroy it and generate a new pair.

Follow these steps to destroy an asymmetric key pair:

To do…

Use the command…

Remarks

Enter system view

system-view

Destroy an asymmetric key pair

public-key local destroy { dsa
| rsa }

Required

Configuring the Public Key of a Peer

To enable your local host to authenticate a remote host, configure the RSA or DSA public key of that

peer on the local host by following either of the methods:

z

Configure it manually: View the peer's host public key by the display command or other means on

the remote host and record the public key. On the local host, input or copy the key data in public

key code view.

z

Import it from a public key file: Obtain a copy of the peer's public key file through FTP or TFTP (in

binary mode) first, and then import the public key from the file. During the import process, the

system automatically converts the public key to a string in PKCS (Public Key Cryptography

Standards) format.

See also other documents in the category H3C Technologies Routers: