HP VPN Firewall Appliances VPN Configuration Guide

Exporting the host public key in a specific format to a file

Step: 1. Enter system view.
Command: system-view
Remarks: N/A

Step: 2. Export a local RSA host public key in a specific format to a file.
Command: public-key local export rsa { openssh | ssh1 | ssh2 } filename

Step: 3. Export a local DSA host public key in a specific format to a file.
Command: public-key local export dsa { openssh | ssh2 } filename

Remarks (steps 2 and 3): Use at least one command.

After you export a host public key in a specific format to a file, transfer the file to the peer device.
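
The peer will trust whatever key the transferred file contains, so it is worth confirming that the copy that arrives holds the same key that was exported. The following is an added example, not part of the HP guide: it computes a SHA-256 fingerprint from a public key file, assuming the openssh and ssh2 keywords produce the usual OpenSSH one-line and RFC 4716 layouts (the ssh1 format is not handled). The sample key data and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct


def key_blob(text):
    """Decode the binary key blob from openssh or ssh2 (RFC 4716) file text."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty public key file")
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, in_header = [], False
        for ln in lines[1:]:
            if ln.startswith("---- END SSH2 PUBLIC KEY"):
                break
            if in_header or ":" in ln:       # header line or its continuation
                in_header = ln.endswith("\\")
                continue
            body.append(ln)
        b64 = "".join(body)
    else:                                    # openssh: "<type> <base64> [comment]"
        b64 = lines[0].split()[1]
    return base64.b64decode(b64, validate=True)


def fingerprint(text):
    """Return (key type, SHA-256 fingerprint) for a public key file."""
    blob = key_blob(text)
    (n,) = struct.unpack(">I", blob[:4])
    ktype = blob[4:4 + n].decode("ascii")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ktype, "SHA256:" + digest


def same_key(exported_text, received_text):
    """True only if both files carry the identical key, whatever their format."""
    return fingerprint(exported_text) == fingerprint(received_text)


def _s(b):                                   # SSH wire-format string
    return struct.pack(">I", len(b)) + b

# Constructed sample blob (not a real key): type, exponent, dummy modulus.
SAMPLE_BLOB = _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\x00" + bytes(range(128, 256)))
_B64 = base64.b64encode(SAMPLE_BLOB).decode()
OPENSSH_FILE = "ssh-rsa " + _B64 + " constructed-sample\n"
SSH2_FILE = ('---- BEGIN SSH2 PUBLIC KEY ----\nComment: "constructed sample"\n'
             + "\n".join(_B64[i:i + 70] for i in range(0, len(_B64), 70))
             + "\n---- END SSH2 PUBLIC KEY ----\n")

if __name__ == "__main__":
    print(fingerprint(OPENSSH_FILE), same_key(OPENSSH_FILE, SSH2_FILE))
```

Compare the fingerprint computed on the received file with one obtained from the exporting device over a separate channel before importing the key.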
Destroying a local asymmetric key pair
You may have to destroy a local asymmetric key pair and generate a new pair when an intrusion event
has occurred, the storage media of the device is replaced, the asymmetric key has been used for a long
time, or the local certificate expires. For more information about the local certificate, see "Managing
certificates."
To destroy a local asymmetric key pair:
Step: 1. Enter system view.
Command: system-view

Step: 2. Destroy a local asymmetric key pair.
Command: public-key local destroy { dsa | rsa }

Specifying the peer public key on the local device
In SSH, to enable the local device to authenticate a peer device, specify the peer public key on the local
device. The device supports up to 20 peer public keys.
For information about displaying or exporting the host public key, see "Displaying or exporting the local
host public key."
To specify the peer public key on the local device:
Method: Import the public key from a public key file (recommended)
Prerequisites:
1. Save the host public key of the intended asymmetric key pair in a file.
2. Transfer a copy of the file through FTP or TFTP in binary mode to the local device.
Remarks: During the import process, the system automatically converts the public key to a string in Public Key Cryptography Standards (PKCS) format.