R2511-HP MSR Router Series Security Configuration Guide(V5)

Step: 2. Export an RSA key pair in PEM format.
Command: public-key local export rsa name key-name pem { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | des-cbc } password
Remarks: The command displays the public key and private key of the exported RSA key pair in PEM format on the terminal. The private key is encrypted by the encryption algorithm and password specified in the command. You cannot export the default RSA key pair.
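
A check that can be run on the exported PEM text before it is imported on another device, as an added example that is not part of the HP guide: it reports which cipher protects the private key and rejects single DES or an unencrypted key. It assumes the export uses OpenSSL-style Proc-Type and DEK-Info header lines; the function name audit_pem, the cipher-name mapping and the sample text are constructed for illustration.

```python
import re

# Assumed mapping from OpenSSL-style DEK-Info cipher names to the cipher
# keywords of the export command (an assumption, not taken from the guide).
CLI_KEYWORD = {
    "DES-CBC": "des-cbc",
    "DES-EDE3-CBC": "3des-cbc",
    "AES-128-CBC": "aes-cbc-128",
    "AES-192-CBC": "aes-cbc-192",
    "AES-256-CBC": "aes-cbc-256",
}
WEAK = {"des-cbc"}  # single DES has a 56-bit key
BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)


def audit_pem(text):
    """Return one finding dict per private-key block found in text."""
    findings = []
    for label, body in BLOCK.findall(text):
        # Header lines contain a colon; base64 payload lines never do.
        headers = {k: v.strip() for k, v in
                   re.findall(r"^([A-Za-z-]+):(.*)$", body, re.M)}
        encrypted = headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED"
        dek = headers.get("DEK-Info", "").split(",")[0].upper()
        keyword = CLI_KEYWORD.get(dek)
        if label == "ENCRYPTED PRIVATE KEY":
            verdict = "review: PKCS#8 block, cipher is inside the ASN.1 data"
        elif not encrypted:
            verdict = "reject: private key is not encrypted"
        elif keyword is None:
            verdict = "review: unrecognized cipher %r" % dek
        elif keyword in WEAK:
            verdict = "reject: weak cipher, re-export with an aes-cbc option"
        else:
            verdict = "ok"
        findings.append({"label": label, "cipher": keyword, "verdict": verdict})
    return findings


# Constructed sample: header lines only, the key body is a placeholder.
SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,0011223344556677

PLACEHOLDERBASE64==
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    print(audit_pem(SAMPLE))
```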
Importing an RSA key pair
After you export an RSA key pair on a device, you can import the key pair to another device.
To import an RSA key pair:
Step: 1. Enter system view.
Command: system-view
Remarks: N/A

Step: 2. Import an RSA key pair.
Command: public-key local import rsa name key-name pem
Remarks: After you execute the public-key local import command, copy the private key of the RSA key pair at the prompt (the public key is included in the private key), press Ctrl+C, and then enter the password used to encrypt the RSA key pair when the key pair was exported. You cannot use an imported RSA key pair as the default RSA key pair. The RSA key pair to be imported must be in PEM format.
Specifying the peer public key on the local device
In SSH, to enable the local device to authenticate a peer device, specify the peer public key on the local device. The device supports up to 20 peer public keys.
For information about displaying or exporting the host public key, see "Displaying or exporting the local host public key."
To specify the peer public key on the local device:
Method: Import the public key from a public key file (recommended)
Prerequisites:
3. Save the host public key of the intended asymmetric key pair in a file.
4. Transfer a copy of the file through FTP or TFTP in binary mode to the local device.
Remarks: During the import process, the system automatically converts the public key to a string in Public Key Cryptography Standards (PKCS) format.