10-Security Command Reference

06-Public Key Commands

display public-key local public

Syntax

display public-key local { dsa | rsa } public [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

dsa: Specifies a DSA key pair.

rsa: Specifies an RSA key pair.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display public-key local public command to display the public key information of the local key pairs.

Related commands: public-key local create.

Examples

# Display the public key information of the local RSA key pairs.

<Sysname> display public-key local rsa public

 

=====================================================

Time of Key pair created: 19:59:16  2007/10/25

Key name: HOST_KEY

Key type: RSA Encryption Key

=====================================================

Key code:

30819F300D06092A864886F70D010101050003818D0030818902818100BC4C392A97734A633BA0F1DB01F84EB51228EC86ADE1DBA597E0D9066FDC4F04776CEA3610D2578341F5D049143656F1287502C06D39D39F28F0F5CBA630DA8CD1C16ECE8A7A65282F2407E8757E7937DCCDB5DB620CD1F471401B7117139702348444A2D8900497A87B8D5F13D61C4DEFA3D14A7DC07624791FC1D226F62DF30203010001

 

=====================================================

Time of Key pair created: 19:59:17  2007/10/25

Key name: SERVER_KEY

Key type: RSA Encryption Key

=====================================================

Key code:

307C300D06092A864886F70D0101010500036B003068026100C51AF7CA926962284A4654B2AACC7B2AE12B2B1EABFAC1CDA97E42C3C10D7A70D1012BF23ADE5AC4E7AAB132CFB6453B27E054BFAA0A85E113FBDE751EE0ECEF659529E857CF8C211E2A03FD8F10C5BEC162B2989ABB5D299D1E4E27A13C7DD10203010001

# Display the public key information of the local DSA key pair.

<Sysname> display public-key local dsa public

 

=====================================================

Time of Key pair created: 20:00:16  2007/10/25

Key name: HOST_KEY

Key type: DSA Encryption Key

=====================================================

Key code:

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

Table 1 Output description

Field | Description
------|------------
Time of Key pair created | Time at which the local key pair is created.
Key name | Key name, which can be one of the following values: HOST_KEY (host public key) or SERVER_KEY (server public key; this value is available only for RSA key pairs).
Key type | Key type, which can be one of the following values: RSA Encryption Key (RSA key pair) or DSA Encryption Key (DSA key pair).
Key code | Key data.

 

display public-key peer

Syntax

display public-key peer [ brief | name publickey-name ] [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

brief: Displays brief information about all peer public keys.

name publickey-name: Displays information about a peer public key. publickey-name represents a public key by its name, a case-sensitive string of 1 to 64 characters.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display public-key peer command to display information about the specified or all locally saved peer public keys.

With neither the brief keyword nor the name publickey-name option specified, the command displays detailed information about all locally saved peer public keys.

You can use the public-key peer command or the public-key peer import sshkey command to get a local copy of a peer public key.

Related commands: public-key peer and public-key peer import sshkey.

Examples

# Display detailed information about the peer public key named idrsa.

<Sysname> display public-key peer name idrsa

=====================================

  Key Name  : idrsa

  Key Type  : RSA

  Key Module: 1024

=====================================

Key Code:

30819D300D06092A864886F70D010101050003818B00308187028181009C46A8710216CEC0C01C7CE136BA76C79AA6040E79F9E305E453998C7ADE8276069410803D5974F708496947AB39B3F39C5CE56C95B6AB7442D56393BF241F99A639DD02D9E29B1F5C1FD05CC1C44FBD6CFFB58BE6F035FAA2C596B27D1231D159846B7CB9A7757C5800FADA9FD72F65672F4A549EE99F63095E11BD37789955020123

# Display brief information about all locally saved peer public keys.

<Sysname> display public-key peer brief

Type  Module  Name

---------------------------

RSA   1024    idrsa

DSA   1024    10.1.1.1

peer-public-key end

Syntax

peer-public-key end

View

Public key view

Default level

2: System level

Parameters

None

Description

Use the peer-public-key end command to return from public key view to system view.

Related commands: public-key peer.

Examples

# Exit public key view.

<Sysname> system-view

[Sysname] public-key peer key1

Public key view: return to System View with "peer-public-key end".

[Sysname-pkey-public-key] peer-public-key end

[Sysname]

public-key-code begin

Syntax

public-key-code begin

View

Public key view

Default level

2: System level

Parameters

None

Description

Use the public-key-code begin command to enter public key code view. Then input the key data in the correct format to specify the peer host or server public key. Spaces and carriage returns are allowed between characters.

If the peer device is an H3C device, input the key data displayed by the display public-key local public command so that the key is format compliant.

Do not configure the peer RSA server public key for identity authentication in SSH applications. Authentication in SSH applications uses the RSA host public key. For more information about SSH, see Security Configuration Guide.

Related commands: public-key peer and public-key-code end.

Examples

# Enter public key code view and input the key.

<Sysname> system-view

[Sysname] public-key peer key1

Public key view: return to System View with "peer-public-key end".

[Sysname-pkey-public-key] public-key-code begin

Public key code view: return to last view with "public-key-code end".

[Sysname-pkey-key-code]30819F300D06092A864886F70D010101050003818D0030818902818100C0EC8014F82515F6335A0A

[Sysname-pkey-key-code]EF8F999C01EC94E5760A079BD73E4F4D97F3500EDB308C29481B77E719D1643135877E13B1C531B4

[Sysname-pkey-key-code]FF1877A5E2E7B1FA4710DB0744F66F6600EEFE166F1B854E2371D5B952ADF6B80EB5F52698FCF3D6

[Sysname-pkey-key-code]1F0C2EAAD9813ECB16C5C7DC09812D4EE3E9A0B074276FFD4AF2050BD4A9B1DDE675AC30CB020301

[Sysname-pkey-key-code]0001

public-key-code end

Syntax

public-key-code end

View

Public key code view

Default level

2: System level

Parameters

None

Description

Use the public-key-code end command to return from public key code view to public key view and to save the configured public key.

The system verifies the key before saving it. If the key is not in the correct format, the system discards the key and displays an error message. If the key is valid, the system saves the key.

Related commands: public-key peer and public-key-code begin.

Examples

# Exit public key code view and save the configured public key.

<Sysname> system-view

[Sysname] public-key peer key1

Public key view: return to System View with "peer-public-key end".

[Sysname-pkey-public-key] public-key-code begin

Public key code view: return to last view with "public-key-code end".

[Sysname-pkey-key-code]30819F300D06092A864886F70D010101050003818D0030818902818100C0EC8014F82515F6335A0A

[Sysname-pkey-key-code]EF8F999C01EC94E5760A079BD73E4F4D97F3500EDB308C29481B77E719D1643135877E13B1C531B4

[Sysname-pkey-key-code]FF1877A5E2E7B1FA4710DB0744F66F6600EEFE166F1B854E2371D5B952ADF6B80EB5F52698FCF3D6

[Sysname-pkey-key-code]1F0C2EAAD9813ECB16C5C7DC09812D4EE3E9A0B074276FFD4AF2050BD4A9B1DDE675AC30CB020301

[Sysname-pkey-key-code]0001

[Sysname-pkey-key-code] public-key-code end

[Sysname-pkey-public-key]

public-key local create

Syntax

public-key local create { dsa | rsa }

View

System view

Default level

2: System level

Parameters

dsa: Specifies a DSA key pair.

rsa: Specifies an RSA key pair.

Description

Use the public-key local create command to create local key pairs. The created local key pairs are saved automatically, and can survive a reboot.

When you use this command to create DSA or RSA key pairs, the system prompts you for the length of the key modulus. The modulus length is in the range 512 to 2048 bits, and defaults to 1024 bits. If a key pair of the specified type already exists, the system asks whether you want to overwrite it.

Related commands: public-key local destroy and display public-key local public.

Examples

# Create local RSA key pairs.

<Sysname> system-view

[Sysname] public-key local create rsa

Warning: The local key pair already exist.

Confirm to replace them? [Y/N]:y

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

It will take a few minutes.

Press CTRL+C to abort.

Input the bits of the modulus[default = 1024]:

Generating Keys...

++++++++++++++++++

++++++++++++++++++++++++++++++++++++++++

++++++++++++++++++++

+++++++++++++++++++++++++++

# Create a local DSA key pair.

<Sysname> system-view

[Sysname] public-key local create dsa

Warning: The local key pair already exist.

Confirm to replace them? [Y/N]:y

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

It will take a few minutes.

Press CTRL+C to abort.

Input the bits of the modulus[default = 1024]:

Generating Keys...

*

..+.++++*

public-key local destroy

Syntax

public-key local destroy { dsa | rsa }

View

System view

Default level

2: System level

Parameters

dsa: Specifies a DSA key pair.

rsa: Specifies an RSA key pair.

Description

Use the public-key local destroy command to destroy the local key pairs.

Related commands: public-key local create.

Examples

# Destroy the local RSA key pairs.

<Sysname> system-view

[Sysname] public-key local destroy rsa

Warning: Confirm to destroy these keys? [Y/N]:y

# Destroy the local DSA key pair.

<Sysname> system-view

[Sysname] public-key local destroy dsa

Warning: Confirm to destroy these keys? [Y/N]:y

public-key local export dsa

Syntax

public-key local export dsa { openssh | ssh2 } [ filename ]

View

System view

Default level

2: System level

Parameters

openssh: Uses the format of OpenSSH.

ssh2: Uses the format of SSH2.0.

filename: Specifies the name of the file for storing the local public key. For more information about file names, see Fundamentals Configuration Guide.

Description

Use the public-key local export dsa command to display the local DSA public key on the screen or export it to a specific file.

If you do not specify the filename argument, the command displays the local DSA public key on the screen; otherwise, the command exports the local DSA public key to the specified file and saves the file.

SSH2.0 and OpenSSH are two different public key formats for different requirements.

Related commands: public-key local create and public-key local destroy.

Examples

# Export the local DSA public key in OpenSSH format to a file named key.pub.

<Sysname> system-view

[Sysname] public-key local export dsa openssh key.pub

# Display the local DSA public key in SSH2.0 format.

<Sysname> system-view

[Sysname] public-key local export dsa ssh2

---- BEGIN SSH2 PUBLIC KEY ----

Comment: "dsa-key-20070625"

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

---- END SSH2 PUBLIC KEY ----

# Display the local DSA public key in OpenSSH format.

<Sysname> system-view

[Sysname] public-key local export dsa openssh

ssh-dss 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 dsa-key

public-key local export rsa

Syntax

public-key local export rsa { openssh | ssh1 | ssh2 } [ filename ]

View

System view

Default level

2: System level

Parameters

openssh: Uses the format of OpenSSH.

ssh1: Uses the format of SSH1.5.

ssh2: Uses the format of SSH2.0.

filename: Specifies the name of the file for storing the host public key. For more information about file names, see Fundamentals Configuration Guide.

Description

Use the public-key local export rsa command to display the local RSA host public key on the screen or export it to a specific file.

If you specify the filename argument, the command exports the local RSA public key to the specified file and saves the file; otherwise, the command displays the local RSA host public key on the screen.

SSH1, SSH2.0 and OpenSSH are three different public key formats for different requirements.

Related commands: public-key local create and public-key local destroy.

Examples

# Export the local RSA host public key in OpenSSH format to a file named key.pub.

<Sysname> system-view

[Sysname] public-key local export rsa openssh key.pub

# Display the local RSA host public key in SSH2.0 format.

<Sysname> system-view

[Sysname] public-key local export rsa ssh2

---- BEGIN SSH2 PUBLIC KEY ----

Comment: "rsa-key-20070625"

AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAo0dVYR1S5f30eLKGNKuqb5HU3M0TTSaGlER2GmcRI2sgSegbo1x6ut5NIc5+jJxuRCU4+gMc76iS8d+2d50FqIweEkHHkSG/ddgXt/iAZ6cY81bdu/CKxGiQlkUpbw4vSv+X5KeE7j+o0MpOpzh3W768/+u1riz+1LcwVTs51Q==

---- END SSH2 PUBLIC KEY ----

# Display the local RSA host public key in OpenSSH format.

<Sysname> system-view

[Sysname] public-key local export rsa openssh

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAo0dVYR1S5f30eLKGNKuqb5HU3M0TTSaGlER2GmcRI2sgSegbo1x6ut5NIc5+jJxuRCU4+gMc76iS8d+2d50FqIweEkHHkSG/ddgXt/iAZ6cY81bdu/CKxGiQlkUpbw4vSv+X5KeE7j+o0MpOpzh3W768/+u1riz+1LcwVTs51Q== rsa-key

public-key peer

Syntax

public-key peer keyname

undo public-key peer keyname

View

System view

Default level

2: System level

Parameters

keyname: Specifies the peer public key name, a case-sensitive string of 1 to 64 characters.

Description

Use the public-key peer command to specify a name for a peer public key and enter public key view.

Use the undo public-key peer command to remove a peer public key.

To manually configure a peer public key on the local device, obtain the public key (in hexadecimal) from the peer device beforehand and perform the following configurations:

1.      Execute the public-key peer command, and then the public-key-code begin command to enter public key code view.

2.      Type the peer public key.

3.      Execute the public-key-code end command to save the public key and return to public key view.

4.      Execute the peer-public-key end command to return to system view.

Related commands: public-key-code begin, public-key-code end, peer-public-key end, and display public-key peer.

Examples

# Specify the name for the peer public key as key1 and enter public key view.

<Sysname> system-view

[Sysname] public-key peer key1

Public key view: return to System View with "peer-public-key end".

[Sysname-pkey-public-key]
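
Added example (not H3C code): a check to run on a workstation before typing a peer key in public key code view, covering both the manual procedure above and the format verification described under public-key-code end. It assumes the key code is a DER SubjectPublicKeyInfo for RSA, which is what the hexadecimal on this page decodes to; the function names and the min_bits policy value are chosen for this example.

```python
import hashlib
import re

RSA_OID = bytes.fromhex("2A864886F70D010101")  # rsaEncryption (1.2.840.113549.1.1.1)

# key1 as typed in the session shown on this page, CLI prompts included.
PASTED_KEY1 = """
[Sysname-pkey-key-code]30819F300D06092A864886F70D010101050003818D0030818902818100C0EC8014F82515F6335A0A
[Sysname-pkey-key-code]EF8F999C01EC94E5760A079BD73E4F4D97F3500EDB308C29481B77E719D1643135877E13B1C531B4
[Sysname-pkey-key-code]FF1877A5E2E7B1FA4710DB0744F66F6600EEFE166F1B854E2371D5B952ADF6B80EB5F52698FCF3D6
[Sysname-pkey-key-code]1F0C2EAAD9813ECB16C5C7DC09812D4EE3E9A0B074276FFD4AF2050BD4A9B1DDE675AC30CB020301
[Sysname-pkey-key-code]0001
"""

def _tlv(buf, pos, tag):
    """Read one DER element at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02X} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated key code")
    return buf[pos:pos + length], pos + length

def parse_key_code(pasted):
    """RSA key code (hex DER SubjectPublicKeyInfo) -> (bits, exponent, sha256)."""
    # Drop [prompt] prefixes copied from a session and the spaces/newlines the CLI allows.
    der = bytes.fromhex(re.sub(r"\[[^\]]*\]|\s", "", pasted))
    spki, end = _tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing data after key")
    algid, pos = _tlv(spki, 0, 0x30)
    if _tlv(algid, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an RSA key")
    bitstr, _ = _tlv(spki, pos, 0x03)
    rsa, _ = _tlv(bitstr, 1, 0x30)  # byte 0 is the unused-bits count
    n_raw, pos = _tlv(rsa, 0, 0x02)
    e_raw, _ = _tlv(rsa, pos, 0x02)
    n, e = int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")
    return n.bit_length(), e, hashlib.sha256(der).hexdigest()

def audit_key_code(pasted, min_bits=2048):
    """Findings for one key; min_bits is a local policy value (assumption)."""
    try:
        bits, _e, _fp = parse_key_code(pasted)
    except ValueError as err:
        return [f"rejected: {err}"]
    if bits < min_bits:
        return [f"modulus is {bits} bits, below policy minimum {min_bits}"]
    return []
```

The SHA-256 value returned by parse_key_code can be compared with one computed from the key as displayed on the peer device, obtained over a separate channel, before the key is saved.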

public-key peer import sshkey

Syntax

public-key peer keyname import sshkey filename

undo public-key peer keyname

View

System view

Default level

2: System level

Parameters

keyname: Specifies a public key name, a case-sensitive string of 1 to 64 characters.

filename: Specifies the name of the file that saves a peer host public key. For more information about file names, see Fundamentals Configuration Guide.

Description

Use the public-key peer import sshkey command to import a peer host public key from the public key file.

Use the undo public-key peer command to remove the specified peer host public key.

After execution of this command, the system automatically transforms the host public key in SSH1, SSH2.0 or OpenSSH format to PKCS format, and imports the key. This operation requires that you get a copy of the public key file from the peer device through FTP or TFTP in advance.

Related commands: display public-key peer.

Examples

# Import the peer host public key named key2 from the public key file key.pub.

<Sysname> system-view

[Sysname] public-key peer key2 import sshkey key.pub
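
Added example (not H3C code): because the key file reaches the device over FTP or TFTP, this sketch derives from an exported ssh-rsa key both an OpenSSH-style SHA256 fingerprint and the hexadecimal key code to compare against display public-key peer after import. It assumes the imported key is shown in the same DER layout as the RSA key codes on this page; the function names are chosen for this example, and SSH1 and DSA keys are not handled.

```python
import base64
import hashlib
import struct

ALGID_RSA = bytes.fromhex("300D06092A864886F70D0101010500")  # rsaEncryption, NULL

# The RSA host key from the export examples on this page, in both formats.
BLOB = ("AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAo0dVYR1S5f30eLKGNKuqb5HU3M0TTSaGlER2Gm"
        "cRI2sgSegbo1x6ut5NIc5+jJxuRCU4+gMc76iS8d+2d50FqIweEkHHkSG/ddgXt/iAZ6cY"
        "81bdu/CKxGiQlkUpbw4vSv+X5KeE7j+o0MpOpzh3W768/+u1riz+1LcwVTs51Q==")
OPENSSH_LINE = "ssh-rsa " + BLOB + " rsa-key"
SSH2_FILE = ('---- BEGIN SSH2 PUBLIC KEY ----\nComment: "rsa-key-20070625"\n'
             + BLOB + "\n---- END SSH2 PUBLIC KEY ----\n")

def key_blob(text):
    """Raw SSH key blob from OpenSSH one-line or SSH2.0 file text."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        # Header lines such as Comment: contain ':'; base64 lines never do.
        b64 = "".join(ln for ln in lines[1:-1] if ":" not in ln)
    else:
        b64 = lines[0].split()[1]
    return base64.b64decode(b64, validate=True)

def _fields(blob):
    """Split an SSH blob into its 4-byte-length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated blob")
        (n,) = struct.unpack_from(">I", blob, pos)
        if pos + 4 + n > len(blob):
            raise ValueError("truncated blob")
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out

def _der(tag, content):
    """Encode one DER element with a definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def ssh_to_key_code(text):
    """Return (key code hex, SHA256 fingerprint) for an ssh-rsa public key."""
    blob = key_blob(text)
    name, e, n = _fields(blob)  # ssh-rsa field order: name, exponent, modulus
    if name != b"ssh-rsa":
        raise ValueError("only ssh-rsa is handled in this example")
    rsa = _der(0x30, _der(0x02, n) + _der(0x02, e))  # SSH mpint bytes are valid DER INTEGER content
    spki = _der(0x30, ALGID_RSA + _der(0x03, b"\x00" + rsa))
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return spki.hex().upper(), "SHA256:" + fp
```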
