
Configuring a client's host public key, Configuring a client public key manually – H3C Technologies H3C SecBlade LB Cards User Manual


Configuring a client's host public key

This configuration task is only necessary if publickey authentication is configured for users and the clients directly send the public key to the server for authentication.

During publickey authentication for a client, the server first compares the SSH username and host public key received from the client with those saved locally. If the information is consistent, it examines the digital signature that the client sends. The client calculates the digital signature with the private key associated with the host public key.

You must configure the client's RSA host public key on the server, and specify the associated host private key on the client to generate the digital signature, so that the client can pass publickey authentication with a correct digital signature. If the device acts as the client, the public key algorithm that you specify determines which host private key is used.

You can manually configure the public key of an SSH client on the server, or import it from the public key file:

• Manual configuration—Type or copy the host public key from the client to the SSH server. The host public key must be in the DER encoding format without being converted. Manually configured client host public keys must be in the specified format. If the device acts as the client, you can use the display public-key local public command to view the host public key and copy its contents to the server. Other ways to display a host public key might result in an incorrect format. H3C recommends that you configure a client public key by importing it from a public key file.

• Importing from the public key file—Upload the client's host public key file (in binary) to the server (for example, through FTP or TFTP), and import the uploaded file to the server. During the import process, the server automatically converts the public key in the public key file to a string in PKCS format.

You can configure up to 20 SSH client public keys on an SSH server.

For more information about client public key configuration, see "Managing public keys."

Configuring a client public key manually

| Step | Command | Remarks |
|------|---------|---------|
| 1. Enter system view. | system-view | N/A |
| 2. Enter public key view. | public-key peer keyname | N/A |
| 3. Enter public key code view. | public-key-code begin | N/A |
| 4. Configure a client's host public key. | Enter the content of the host public key | Spaces and carriage returns are allowed between characters. |
| 5. Return to public key view and save the configured host public key. | public-key-code end | When you exit public key code view, the system automatically saves the public key. |
| 6. Return to system view. | peer-public-key end | N/A |
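
A check to run on the key text before it is entered in step 4, given here as an added example that is not part of the H3C manual. It assumes the key is copied as hexadecimal text, ignores spaces and line breaks, confirms that the outer DER SEQUENCE header declares exactly the number of bytes supplied (which catches a truncated copy), and returns a SHA-256 fingerprint to compare with the client's copy; the function names and the sample value are constructed for illustration.

```python
import hashlib

def parse_key_text(text):
    """Turn pasted key text into bytes; whitespace between characters is ignored."""
    compact = "".join(text.split())
    if len(compact) % 2:
        raise ValueError("odd number of hex digits: a character was lost in the copy")
    try:
        return bytes.fromhex(compact)
    except ValueError:
        raise ValueError("non-hexadecimal character in key text") from None

def der_total_length(der):
    """Return the total encoded size declared by the outer DER SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("key does not start with a DER SEQUENCE (tag 0x30)")
    first = der[1]
    if first < 0x80:                  # short form: the byte is the length itself
        return 2 + first
    n = first & 0x7F                  # long form: the next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:   # 4-byte cap is this example's sanity limit
        raise ValueError("malformed DER length field")
    body = der[2:2 + n]
    length = int.from_bytes(body, "big")
    if body[0] == 0 or length < 0x80:
        raise ValueError("length is not minimally encoded, so this is not DER")
    return 2 + n + length

def check_key(text):
    """Validate pasted key text and return its SHA-256 fingerprint as hex."""
    der = parse_key_text(text)
    declared = der_total_length(der)
    if declared != len(der):
        raise ValueError(
            f"DER header declares {declared} bytes but {len(der)} were supplied: "
            "truncated or padded copy")
    return hashlib.sha256(der).hexdigest()

# Constructed sample (not a real key): SEQUENCE { INTEGER 0x010001 },
# wrapped across lines the way a terminal copy might be.
SAMPLE = "3005 0203\n  010001"

if __name__ == "__main__":
    print(check_key(SAMPLE))
```

Run it on the text taken from the client and again on the text as stored on the server; matching fingerprints show that both sides hold the same key bytes.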
