R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide
223
The output shows that the host public key of Router A saved on Router B is consistent with the one
created on Router A.
Importing a public key from a public key file
Network requirements
As shown in Figure 85, to prevent illegal access, Router B (the local device) authenticates Router A (the
peer device) through a digital signature. Before configuring authentication parameters on Router B,
configure the public key of Router A on Router B.
• Configure Router B to use the asymmetric key algorithm of RSA to authenticate Router A.
• Import the host public key of Router A from the public key file to Router B.
Figure 85 Network diagram
Configuration procedure
1. Create key pairs on Router A and export the host public key:
# Create local RSA key pairs on Router A, setting the modulus length to the default, 1024 bits.
<RouterA> system-view
[RouterA] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++
++++++
++++++++
++++++++
# Display the public keys of the local RSA key pairs.
[RouterA] display public-key local rsa public
=====================================================
Time of Key pair created: 09:50:06 2007/08/07
Key name: HOST_KEY
Key type: RSA Encryption Key
=====================================================
Key code:
30819F300D06092A864886F70D010101050003818D0030818902818100D90003FA95F5A44A2A2CD3F
814F
9854C4421B57CAC64CFFE4782A87B0360B600497D87162D1F398E6E5E51E5E353B3A9AB16C9E766BD
995C
669A784AD597D0FB3AA9F7202C507072B19C3C50A0D7AD3994E14ABC62DB125035EA326470034DC07