R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

To do…                                Use the command…                      Remarks
Enter system view                     system-view
Export and save the host public key   public-key local export rsa           Required
of the local RSA key pairs in a       { openssh | ssh1 | ssh2 } filename
specific format to a file
Destroying a local asymmetric key pair
You may need to destroy a local asymmetric key pair and generate a new pair when an intrusion event
has occurred, the storage media of the device is replaced, the asymmetric key has been used for a long
time, or the local certificate expires. For more information about the local certificate, see the chapter “PKI
configuration.”
Follow these steps to destroy a local asymmetric key pair:
To do…                                  Use the command…                Remarks
Enter system view                       system-view
Destroy a local asymmetric key pair     public-key local destroy rsa    Required
Specifying the peer public key on the local device
In SSH, to enable the local device to authenticate a peer device, specify the peer public key on the local
device. Use one of the following methods:
Method: Import the public key from a public key file (recommended)
Prerequisites:
1. Save the host public key of the intended asymmetric key pair in a file.
2. Transfer a copy of the file through FTP or TFTP in binary mode to the local device.
Remarks: During the import process, the system automatically converts the public key to a string in Public Key Cryptography Standards (PKCS) format.

Method: Manually configure the public key: input or copy the key data
Prerequisites: Display and record the public key of the intended asymmetric key pair. If the peer device is an HP device, use the display public-key local rsa public command to view and record its public key. A public key displayed by other methods for the HP device may not be in a correct format.
Remarks: The recorded public key must be in the correct format, or the manual configuration of a format-incompliant public key will fail. Always use the first method if you are not sure about the format of the recorded public key.
NOTE:
The device supports up to 20 peer public keys.
For information about displaying or exporting the host public key, see "Displaying or exporting the local host public key."
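
Added example (not part of the HP guide): a Python check that can be run on an administrator workstation before an exported key file is transferred to the local device. It confirms that the file parses as an RSA public key and prints a SHA-256 fingerprint to compare against one obtained from the peer through a separate channel. It assumes the openssh and ssh2 export formats are the OpenSSH one-line format and the RFC 4716 format; the function names and the min_bits threshold are this example's own, not values from the guide.

```python
import base64, hashlib

def fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, i = [], 0
    while i < len(blob):
        n = int.from_bytes(blob[i:i + 4], "big")
        if i + 4 + n > len(blob):          # also catches a short length prefix
            raise ValueError("truncated key blob")
        out.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return out

def extract_blob(text):
    """Return the raw key blob from an OpenSSH one-line or SSH2 (RFC 4716) file."""
    lines = [l.strip() for l in text.splitlines() if l.strip()] or [""]
    b64 = (lines[0].split() + ["", ""])[1]  # OpenSSH line: "<type> <base64> [comment]"
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):  # SSH2 file: use the body
        if not lines[-1].startswith("---- END SSH2 PUBLIC KEY"):
            raise ValueError("missing END marker")
        body, cont = [], False
        for l in lines[1:-1]:
            header = cont or ":" in l           # base64 never contains ':'
            cont = header and l.endswith("\\")  # header continues on the next line
            if not header:
                body.append(l)
        b64 = "".join(body)
    return base64.b64decode(b64, validate=True)

def check_rsa_public_key(text, min_bits=2048):  # min_bits: assumed local policy
    """Validate the key file and return (modulus bits, SHA-256 fingerprint)."""
    blob = extract_blob(text)
    f = fields(blob)
    if len(f) != 3 or f[0] != b"ssh-rsa":       # type, exponent e, modulus n
        raise ValueError("not an ssh-rsa public key")
    bits = int.from_bytes(f[2], "big").bit_length()
    if bits < min_bits:
        raise ValueError(f"RSA modulus is only {bits} bits")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return bits, "SHA256:" + digest

def sample_keys(bits=2048):
    """Constructed samples (not a real key): e = 65537, n = 2**(bits-1) + 1."""
    s = lambda b: len(b).to_bytes(4, "big") + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 byte
    b64 = base64.b64encode(s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(n)).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    ssh2 = '---- BEGIN SSH2 PUBLIC KEY ----\nComment: "constructed"\n' + body
    return "ssh-rsa " + b64 + " constructed", ssh2 + "\n---- END SSH2 PUBLIC KEY ----\n"
```

The same key exported in either format yields the same fingerprint, so a mismatch between the file and the value reported by the peer's administrator means the file was altered or belongs to a different key pair.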
Follow these steps to import the host public key from a public key file to the local device:
To do…               Use the command…    Remarks
Enter system view    system-view