R0106-HP MSR Router Series Security Configuration Guide(V7)

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Create local DSA or RSA key pairs.
    Command: public-key local create { dsa | ecdsa | rsa } [ name key-name ]
    Remarks: By default, no local key pairs exist.

Distributing a local host public key
You must distribute a local host public key to a peer device so the peer device can perform the following operations:
- Use the public key to encrypt information sent to the local device.
- Authenticate the digital signature signed by the local device.
To distribute a local host public key:
1. Record the key or export the key to a file.
2. Transfer the key, for example, by using FTP or TFTP.
This section covers only the first task.
The following methods are available for recording or exporting a local host public key:
- Exporting a host public key in a specific format to a file. Use this method if you can import public keys from a file on the peer device.
- Displaying a host public key in a specific format and saving it to a file. Use this method if you can import public keys from a file on the peer device.
- Displaying a host public key. Use this method if you must manually enter the key on the peer device.

Exporting a host public key in a specific format to a file
Step 1. Enter system view.
    Command: system-view
Step 2. Export a local host public key in a specific format to a file.
    Command:
    - Export an RSA host public key:
        - In non-FIPS mode:
          public-key local export rsa [ name key-name ] { openssh | ssh1 | ssh2 } filename
        - In FIPS mode:
          public-key local export rsa [ name key-name ] { openssh | ssh2 } filename
    - Export a DSA host public key:
      public-key local export dsa [ name key-name ] { openssh | ssh2 } filename
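
Because FTP and TFTP do not protect the exported file in transit, the copy that arrives on the peer can be checked against the original by comparing key fingerprints computed on each side. The Python code below is an added example, not part of the HP guide: it assumes that the openssh keyword produces a one-line OpenSSH public key and that ssh2 produces an RFC 4716 file, and the sample key it embeds is constructed.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length, then the data."""
    return struct.pack(">I", len(data)) + data

def key_blob(text: str) -> bytes:
    """Extract the binary key blob from OpenSSH one-line or SSH2 (RFC 4716) text."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()] or [""]
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, continued = [], False
        for ln in lines[1:]:
            if ln.startswith("---- END SSH2 PUBLIC KEY"):
                break
            if continued or ":" in ln:          # header line such as 'Comment: ...'
                continued = ln.endswith("\\")   # trailing backslash continues a header
            else:
                body.append(ln)                 # base64 never contains ':'
        b64 = "".join(body)
    else:
        fields = lines[0].split()               # '<algorithm> <base64> [comment]'
        if len(fields) < 2:
            raise ValueError("not an OpenSSH public key line")
        b64 = fields[1]
    return base64.b64decode(b64, validate=True)

def algorithm(blob: bytes) -> str:
    """Return the algorithm name stored as the first string of the key blob."""
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if n == 0 or n > len(blob) - 4:
        raise ValueError("malformed key blob")
    return blob[4:4 + n].decode("ascii")

def fingerprint(text: str) -> tuple:
    """Return (algorithm, 'SHA256:<unpadded base64 of SHA-256 over the blob>')."""
    blob = key_blob(text)
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return algorithm(blob), "SHA256:" + digest

# Constructed sample (toy values, not a real key): one blob rendered in both formats.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(128, 256))))
B64 = base64.b64encode(SAMPLE_BLOB).decode()
OPENSSH_SAMPLE = f"ssh-rsa {B64} router-hostkey\n"
SSH2_SAMPLE = "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "constructed sample"',
                         *(B64[i:i + 70] for i in range(0, len(B64), 70)),
                         "---- END SSH2 PUBLIC KEY ----"])
```

The comment field and the file format do not affect the result, so a key exported as openssh on one side and ssh2 on the other still yields the same fingerprint; any difference means the key material itself differs.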
Displaying a host public key in a specific format and saving it to a file
After you display a host public key in a specific format, save the key to a file and transfer the file to the
peer device.
To display a local host public key in a specific format: