1.1 SSH Commands
Syntax
display public-key local { dsa | rsa } public
View
Any view
Parameters
dsa: Displays the public key of the current switch’s DSA key pair.
rsa: Displays the public key part of the current switch’s RSA key pair(s).
Description
Use the display public-key local command to display the public key part of the current switch’s key pairs.
Related commands: public-key local create.
Examples
# Display the public key part of the current switch’s RSA key pair(s).
<Sysname> display public-key local rsa public
=====================================================
Time of Key pair created: 23:48:18 2000/04/03
Key name: Sysname_Host
Key type: RSA encryption Key
=====================================================
Key code:
30819F300D06092A864886F70D010101050003818D0030818902818100C7C4D2E1C59A7590
8417C660AD1D5EB172AB6EE9AAF994DB7A1C31EB87F750EE12A57832C6070FC008A5EE2B66
75FD6A430575D97350E300A20FEB773D93D7C3565467B0CA6B95C07D3338C523743B49D82C
5EC2C9458D248955846F9C32F4D25CC92D0E831E564BBA6FAE794EEC6FCDEDB822909CC687
BEBF51F3DFC5C30D590203010001
=====================================================
Time of Key pair created: 23:48:36 2000/04/03
Key name: Sysname_Server
Key type: RSA encryption Key
=====================================================
Key code:
307C300D06092A864886F70D0101010500036B003068026100BC86D8F08E101461C1231B12
2777DBE777645C81C569C004EC2FEC03C205CC7E3B5DAA38DD865C6D1FB61C91B85ED63C6F
35BAFBF9A6D2D2989C20051FF8FA31A14FCF73EC1485422E5B800B55920FC121329020E82F
2945FFAD81BE72663BF70203010001
# Display the public key of the current switch’s DSA key pair.
<Sysname> display public-key local dsa public
=====================================================
Time of Key pair created: 08:01:23 2000/04/02
Key name:
Key type: DSA encryption Key
=====================================================
Key code:
308201B73082012C06072A8648CE3804013082011F02818100D757262C4584C44C211F18BD
96E5F061C4F0A423F7FE6B6B85B34CEF72CE14A0D3A5222FE08CECE65BE6C265854889DC1E
DBD13EC8B274DA9F75BA26CCB987723602787E922BA84421F22C3C89CB9B06FD60FE01941D
DD77FE6B12893DA76EEBC1D128D97F0678D7722B5341C8506F358214B16A2FAC4B36895038
7811C7DA33021500C773218C737EC8EE993B4F2DED30F48EDACE915F0281810082269009E1
4EC474BAF2932E69D3B1F18517AD9594184CCDFCEAE96EC4D5EF93133E84B47093C52B20CD
35D02492B3959EC6499625BC4FA5082E22C5B374E16DD00132CE71B020217091AC717B6123
91C76C1FB2E88317C1BD8171D41ECB83E210C03CC9B32E810561C21621C73D6DAAC028F4B1
585DA7F42519718CC9B09EEF038184000281804B7E6A5D60A6B71C0B585ED495C36F82C170
72C0446CE099F2C733171E8C014B6D4F91C54C9998921CA35C7BD4385E55D39B324F04DBE9
F4CC91DE8ED949C7007C160D129ECB54D6C39E697DAD5BFB56BAF3281584B23CA7DFB46AAB
5B8C56A5903F61B34A157022E68C6C2423D42B880FB20BA86135369F7CF3ACA46A55BEF8
Syntax
display public-key peer [ brief | name pubkey-name ]
View
Any view
Parameters
brief: Displays brief information about the locally saved public keys of all SSH peers.
pubkey-name: Name of the public key, a string of 1 to 64 characters.
Description
Use the display public-key peer command to display information about locally saved public keys of SSH peers. If no key name is specified, the command displays detailed information about the locally saved public keys of all SSH peers.
Caution:
Sometimes the public key modulus displayed with the display public-key peer command is one bit smaller than the actual modulus. This is because the actually generated key pair is one bit smaller than specified. For example, when you specify a 1024-bit key pair, the actually generated key pair may have 1024 or 1023 bits.
You can configure an SSH peer’s public key on the current switch by using the public-key peer command or the public-key peer import sshkey command.
Related commands: public-key peer, public-key peer import sshkey.
Examples
# Display brief information about all peer public keys.
<Sysname> display public-key peer brief
Type Module Name
---------------------------
RSA 1023 idrsa
DSA 1024 127.0.0.1
RSA 1024 18
# Display the information about the public key named pubkey-name.
<Sysname> display public-key peer name pubkey-name
=====================================
Key name : pubkey-name
Key type : RSA
Key module: 1024
=====================================
Key Code:
30819D300D06092A864886F70D010101050003818B00308187028181009C46A8710216CEC0
C01C7CE136BA76C79AA6040E79F9E305E453998C7ADE8276069410803D5974F708496947AB
39B3F39C5CE56C95B6AB7442D56393BF241F99A639DD02D9E29B1F5C1FD05CC1C44FBD6CFF
B58BE6F035FAA2C596B27D1231D159846B7CB9A7757C5800FADA9FD72F65672F4A549EE99F
63095E11BD37789955020123
Syntax
display rsa local-key-pair public
View
Any view
Parameters
None
Description
Use the display rsa local-key-pair public command to display the public key part of the current switch’s RSA key pair(s). If no key pair has been generated, the system prompts “% RSA keys not found”.
Related commands: rsa local-key-pair create.
Examples
# Display the public key part of the current switch’s RSA key pair(s).
<Sysname> display rsa local-key-pair public
=====================================================
Time of Key pair created: 20:08:35 2000/04/02
Key name: Sysname_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
DE99B540 87B666B9 69C948CD BBCC2B60 997F9C18
9AA6651C 6066EF76 242DEAD1 DEFEA162 61677BD4
1A7BFAE7 668EDAA9 FB048C37 A0F1354D 5798C202
2253F4F5
0203
010001
=====================================================
Time of Key pair created: 20:08:46 2000/04/02
Key name: Sysname_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
D6D70AE4 D2A900BE AC21B4E7 617CBEFA 2BAED61F
B637070C 093F43AF 9DB9D644 BCD921EF D056EF36
26825C2A 1FC0EFC3 E27B5110 3F20F790 6C83274B
D0FC303F 51072D6C B5D0054D 3673EBA0 A4748984
5EBF6EBE CF6A13B1 C7858241 A2A9AA79
0203
010001
After you complete the RSA key pair generation task:
- If the switch is working in SSH1-compatible mode, there should be two public keys generated (that is, the host public key and the server public key), and the display rsa local-key-pair public command should display those two public keys.
- If the switch is working in SSH2 mode, there should be only one public key generated (that is, the host public key), and the command should display the public key.
Syntax
display rsa peer-public-key [ brief | name keyname ]
View
Any view
Parameters
brief: Displays brief information about the public keys of all SSH peers.
keyname: Specifies a key by its name, which is a string of 1 to 64 characters.
Description
Use the display rsa peer-public-key command to display information about the locally saved public keys of all SSH peers. If no key name is specified, the command displays detailed information about the locally saved public keys of all SSH peers.
Caution:
Sometimes the public key modulus displayed with the display rsa peer-public-key command is one bit smaller than the actual modulus. This is because the actually generated key pair is one bit smaller than specified. For example, when you specify a 1024-bit key pair, the actually generated key pair may have 1024 or 1023 bits.
Examples
# Display brief information about all peer public keys.
<Sysname> display rsa peer-public-key brief
Type Module Name
---------------------------
DSA 1023 2
DSA 1024 a
# Display the information about public key “abcd”.
<Sysname> display rsa peer-public-key name abcd
=====================================
Key name : abcd
Key type : RSA
Key module: 1024
=====================================
Key Code:
30819F300D06092A864886F70D010101050003818D0030818902818100B0EEC8768E310AE2
EE44D65A2F944E2E6F32290D1ECBBFFF22AA11712151FC29F1C1CD6D7937723F77103576C4
1A03DB32F32C46DEDA68566E89B53CD4DF8F9899B138C578F7666BFB5E6FE1278A84EC8562
A12ACBE2A43AF61394276CE5AAF5AF01DA8B0F33E08335E0C3820911B90BF4D19085CADCE0
B50611B9F6696D31930203010001
Syntax
display ssh server { session | status }
View
Any view
Parameters
session: Displays SSH session information.
status: Displays SSH status information.
Description
Use the display ssh server command on an SSH server to display SSH status or session information.
Related commands: ssh server authentication-retries, ssh server timeout, ssh server compatible-ssh1x enable, ssh server rekey-interval.
Examples
# Display status information about the SSH Server.
<Sysname> display ssh server status
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 0 hours
SSH Authentication retries : 3 times
SFTP Server: Disable
SFTP idle timeout : 10 minutes
Caution:
- If you use the ssh server compatible-ssh1x enable command to configure the server to be compatible with SSH1.x clients, the SSH version will be displayed as 1.99.
- If you use the undo ssh server compatible-ssh1x command to configure the server not to be compatible with SSH1.x clients, the SSH version will be displayed as 2.0.
# Display session information about the SSH Server.
<Sysname> display ssh server session
Conn Ver Encry State Retry SerType Username
VTY 0 2.0 AES started 0 stelnet kk
VTY 1 2.0 AES started 0 sFTP abc
Table 1-1 Description on the fields of the display ssh server session command
| Field | Description |
| Conn | Number of VTY interface used for user login |
| Ver | SSH version |
| Encry | Encryption algorithm used by SSH |
| State | Session status |
| Retry | Number of connection retries |
| SerType | Service type |
| Username | User name |
Syntax
display ssh server-info
View
Any view
Parameters
None
Description
Use the display ssh server-info command on an SSH client to display the mappings between SSH servers and their public keys saved on the client.
If an SSH client needs to authenticate the SSH server, it uses the locally saved public key of the server for authentication. In case the authentication fails, you can use the display ssh server-info command to view whether the locally saved public key of the server is correct.
Related commands: ssh client assign, ssh client first-time enable.
Examples
# Display the mappings between SSH servers and their public keys saved on the client.
<Sysname> display ssh server-info
Server Name(IP) Server public key name
_________________________________________________________________________
192.168.0.90 192.168.0.90
Syntax
display ssh user-information [ username ]
View
Any view
Parameters
username: SSH user name, a string of 1 to 184 characters. It cannot contain any of these
characters: slash (/), backslash (\), colon (:), asterisk (*), question mark (?),
less than sign (<), greater than sign (>), and the vertical bar sign (|).
In addition, the @ sign can appear up to once, the username part (that is, the string
before the @ sign) cannot be more than 55 characters, and the domain name part cannot
be more than 128 characters.
Description
Use the display ssh user-information
command on an SSH server to display information about the current SSH users,
including user name, authentication type, corresponding public key name and
authorized service type. If the username argument is specified, the
command displays information about the specified user.
Related commands: ssh authentication-type default, ssh user, ssh user authentication-type, ssh user assign, ssh user service-type.
Examples
# Display information about the current SSH users.
<Sysname> display ssh user-information
Username Authentication-type User-public-key-name Service-type
kk publickey test sftp
Syntax
display ssh2 source-ip
View
Any view
Parameters
None
Description
Use the display ssh2 source-ip command
to display the current source IP address or the IP address of the source
interface specified for the SSH client. If neither source IP address nor source
interface is specified, the command displays 0.0.0.0.
Related commands: ssh2 source-ip.
Examples
# Display the current source IP address specified for the SSH Client.
<Sysname> display ssh2 source-ip
The source IP you specified is 192.168.0.1
Syntax
display ssh-server source-ip
View
Any view
Parameters
None
Description
Use the display ssh-server source-ip command
to display the current source IP address or the IP address of the source
interface specified for the SSH server. If neither source IP address nor source
interface is specified, the command displays 0.0.0.0.
Related commands: ssh-server source-ip.
Examples
# Display the current source IP address specified for the SSH Server.
<Sysname> display ssh-server source-ip
The source IP you specified is 192.168.1.1
Syntax
peer-public-key end
View
Public key view
Parameters
None
Description
Use the peer-public-key end command to return from public key view to system view.
Related commands: rsa peer-public-key, public-key-code begin, public-key peer.
Examples
# Exit public key view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] rsa peer-public-key Switch003
RSA public key view: return to System View with "peer-public-key end".
[Sysname-rsa-public-key] peer-public-key end
[Sysname]
1.1.11 protocol inbound
Syntax
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameters
all: Supports both Telnet and SSH.
ssh: Supports only SSH.
telnet: Supports only Telnet.
Description
Use the protocol inbound command to configure specific user interface(s) to support specified protocol(s). The configuration will take effect at next user login.
By default, both SSH and Telnet are supported.
As SSH clients access the SSH server through VTY user interfaces, you need to configure the VTY user interfaces of the SSH server to support remote SSH login.
Caution:
- If you have configured a user interface to support SSH protocol, to ensure a successful login to the user interface, you must configure AAA authentication for the user interface by using the authentication-mode scheme command.
- For a user interface, if you have executed the authentication-mode password or authentication-mode none command, the protocol inbound ssh command cannot be executed; if you have executed the protocol inbound ssh command, neither the authentication-mode password nor the authentication-mode none command can be executed.
Examples
# Configure vty0 through vty4 to support SSH only.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode scheme
[Sysname-ui-vty0-4] protocol inbound ssh
Syntax
public-key local create { dsa | rsa }
View
System view
Parameters
dsa: Specifies the DSA key pair.
rsa: Specifies the RSA key pair.
Description
Use the public-key local create command to create a local DSA key pair or RSA key pair.
Note that:
- Generating the RSA and DSA key pairs on the server is a prerequisite to SSH login.
- After entering this command, you will be prompted to provide the length of the key pair. The length of a server/host key must be in the range 512 to 2048 bits and defaults to 1024. If the key pair already exists, the system will ask you whether you want to overwrite it.
- The configuration of this command can survive a reboot. You only need to configure it once.
Related commands: public-key local destroy, display public-key local.
Examples
# Create an RSA key pair of 512 bits.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]: 512
Generating keys...
...++++++
...................................................................++++++
...........................++++++++
.....++++++++
......
# Display the public key part of the RSA key pair(s).
[Sysname] display public-key local rsa public
=====================================================
Time of Key pair created: 03:14:23 2000/04/06
Key name: Sysname_Host
Key type: RSA encryption Key
=====================================================
Key code:
305C300D06092A864886F70D0101010500034B003048024100D6665EFEC14F48A5B42A413E
2FACCAA9F02C772AEDC4911E76AAEE55BA49C4A0233D2D80504068BD9C892C0DD9EBBBC7EB
8842ED61CDB418A29CA1362BB48C190203010001
=====================================================
Time of Key pair created: 03:14:36 2000/04/06
Key name: Sysname_Server
Key type: RSA encryption Key
=====================================================
Key code:
307C300D06092A864886F70D0101010500036B003068026100A3B63F5B0E5470D9FE200545
0342011FEDE2A924C71EB19E28D257E43EF7E531D7C37FBB157712A2F2AF0F5BAF3E605954
96C5B3EAFF25BFB56F1E1CC7A7004D0FF048654BFEADB21C5AF3E24FB0516393BFEEF65A83
B7416F170886904C8BE30203010001
# Create a DSA key pair of 512 bits.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] public-key local create dsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:512
Generating keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+..+................
.......+..........+..............+.............+...+.....+...............+..+...
...+.................+..........+...+....+.......+.....+............+.........+.
........................+........+..........+..............+.....+...+..........
..............+.........+..........+...........+........+....+..................
.....+++++++++++++++++++++++++++++++++++++++++++++++++++*
......
# Display the public key of the DSA key pair.
[Sysname] display public-key local dsa public
=====================================================
Time of Key pair created: 03:17:33 2000/04/06
Key name:
Key type: DSA encryption Key
=====================================================
Key code:
3081F03081A806072A8648CE38040130819C0241008DF2A494492276AA3D25759BB06869CB
EAC0D83AFB8D0CF7CBB8324F0D7882E5D0762FC5B7210EAFC2E9ADAC32AB7AAC49693DFBF8
3724C2EC0736EE31C80291021500C773218C737EC8EE993B4F2DED30F48EDACE915F024062
6D027839EA0A13413163A55B4CB500299D5522956CEFCB3BFF10F399CE2C2E71CB9DE5FA24
BABF58E5B79521925C9CC42E9F6F464B088CC572AF53E6D7880203430002406FBDE6C9BD57
8722585CDF4F3BFB31DD739865D1EA0312EDF2BAF4841C0A963E400640E467206817292CDF
E5D91D86FDB9C3A16141E675E6FFC6C2577E660FF1
Syntax
public-key local destroy { dsa | rsa }
View
System view
Parameters
dsa: Specifies the DSA key pair.
rsa: Specifies the RSA key pair.
Description
Use the public-key local destroy command to destroy the DSA key pair or RSA key pair generated for the current switch.
Related commands: public-key local create.
Examples
# Destroy the RSA key pair of the current switch.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] public-key local destroy rsa
% Confirm to destroy these keys? [Y/N]:y
......
# Destroy the DSA key pair of the current switch.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] public-key local destroy dsa
% Confirm to destroy these keys? [Y/N]:y
......
Syntax
public-key local export rsa { openssh | ssh1 | ssh2 } [ filename ]
View
System view
Parameters
rsa: Specifies the host public key of the current switch’s RSA key pair.
openssh: Specifies the format of the exported file as OpenSSH.
ssh1: Specifies the format of the exported file as SSH1.
ssh2: Specifies the format of the exported file as SSH2.
filename: Name of the file for saving the host public key, a string of 1 to 142 characters. For file naming rules, refer to File System Management Command.
Description
Use the public-key local export rsa command to display the host public key of the current switch’s RSA key pair on the screen or export it to a specified file.
If you specify a filename, the host public key will be exported to the file and the file will be saved. If you do not specify any filename, the host public key will be displayed on the screen.
Caution:
- SSH1, SSH2, and OpenSSH are three public key file formats. You can choose one as required.
- The host public key displayed on the screen is in a format that is not transformed and cannot be used as the public key data for public key configuration.
Related commands: public-key local create, rsa local-key-pair create.
Examples
# Generate an RSA key pair.
<Sysname> system-view
[Sysname] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
...............................................++++++
......++++++
.................++++++++
.....++++++++
.......
# Display the host public key in the OpenSSH format.
[Sysname] public-key local export rsa openssh
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAAAgMSPi+xIkHkAo6E9LwLKWN+eN9EqW/6FIYEIlVKcpIa0
6IT4eSyq4OldeiZ9WorOiDqX3ROo4FmaTR/QCSK3C9whE1qz/4soVL1eHDdgzQCumKKsJCVaM5OdZ2sdNbEnhLucs8ZrfTgEkDB1hmbgzuDpWPokPfkQDD+8dC+hkFVV
rsa-key
# Export the host public key of the RSA key pair in the format of OpenSSH and save the public key file as pub_ssh_file2.
[Sysname] public-key local export rsa openssh pub_ssh_file2
# Export the host public key of the RSA key pair in the format of SSH1 and save the public key file as pub_ssh_file3.
[Sysname] public-key local export rsa ssh1 pub_ssh_file3
1.1.15 public-key local export dsa
Syntax
public-key local export dsa { openssh | ssh2 } [ filename ]
View
System view
Parameters
dsa: Specifies the public key of the current switch’s DSA key pair.
openssh: Uses the format of OpenSSH.
ssh2: Uses the format of SSH2.
filename: Name of the file for saving the public key, a string of 1 to 142 characters. For file naming rules, refer to File System Management Command.
Description
Use the public-key local export dsa command to display the public key of the current switch’s DSA key pair on the screen or export it to a specified file.
If you specify a filename, the public key will be exported to the file and the file will be saved. If you do not specify any filename, the public key will be displayed on the screen.
Caution:
- SSH1, SSH2, and OpenSSH are three public key file formats. You can choose one as required.
- The host public key displayed on the screen is in a format that is not transformed and cannot be used as the public key data for public key configuration.
Related commands: public-key local create.
Examples
# Generate a DSA key pair.
<Sysname> system-view
[Sysname] public-key local create dsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+..+..........
.............+..........+..............+.............+...+.....+..........
.....+..+......+.................+..........+...+....+.......+.....+......
......+.........+.........................+........+..........+...........
...+.....+...+........................+.........+..........+...........+..
......+....+.......................+++++++++++++++++++++++++++++++++++++++
++++++++++++*
.......
# Display the public key in the SSH2 format.
[Sysname] public-key local export dsa ssh2
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "dsa-key-20000406"
AAAAB3NzaC1kc3MAAACA11cmLEWExEwhHxi9luXwYcTwpCP3/mtrhbNM73LOFKDTpSIv4Izs5l
vmwmWFSIncHtvRPsiydNqfdbomzLmHcjYCeH6SK6hEIfIsPInLmwb9YP4BlB3dd/5rEok9p27r
wdEo2X8GeNdyK1NByFBvNYIUsWovrEs2iVA4eBHH2jMAAAAUx3MhjHN+yO6ZO08t7TD0jtrOkV
8AAACAgiaQCeFOxHS68pMuadOx8YUXrZWUGEzN/OrpbsTV75MTPoS0cJPFKyDNNdAkkrOVnsZJ
liW8T6UILiLFs3ThbdABMs5xsCAhcJGscXthI5HHbB+y6IMXwb2BcdQey4PiEMA8ybMugQVhwh
Yhxz1tqsAo9LFYXaf0JRlxjMmwnu8AAACA04Cd4ccxNjCMWzPAzZhj65GjyxExYS72XKWt0S0A
Us51ttRCqOHV/G8LUcdQ4pkp7XK6YGvxS0m1RPb9cIOMQZSYdHiXOq45zFA3Y8ylnWWF6EiuVU
stjN8RC8VtnTzzIbihwmSSR0R9OEGi1vnxCdA1l5wDhuEYJMgq9ipVXLA=
---- END SSH2 PUBLIC KEY ----
# Export the public key in OpenSSH format.
<Sysname> system-view
[Sysname] public-key local export dsa openssh key.pub
1.1.16 public-key peer
Syntax
public-key peer keyname
undo public-key peer keyname
View
System view
Parameters
keyname: Name of the public key, a string of 1 to 64 characters.
Description
Use the public-key peer command to enter public key view.
Use the undo public-key peer command to delete the configuration of the peer public key.
After configuring this command, you enter public key view. You can use this command together with the public-key-code begin command to configure the peer public key. This public key configuration method requires that you obtain the public key in hexadecimal format in advance.
Currently, only public keys with a modulus of 512 to 2,048 bits can be configured on the device.
Related commands: public-key-code begin, public-key-code end.
Examples
# Enter public key view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] public-key peer pub.ppk
PKEY public key view: return to System View with "peer-public-key end".
[Sysname-peer-public-key]
Syntax
public-key peer keyname import sshkey filename
undo public-key peer keyname
View
System view
Parameters
keyname: Name of the public key, a string of 1 to 64 characters.
filename: Name of a public key file, a string of 1 to 142 characters. For file naming rules, refer to File System Management Command.
Description
Use the public-key peer import sshkey command to import a peer public key from the public key file.
Use the undo public-key peer command to remove the setting.
- Only public key files in the format of SSH1, SSH2, or OpenSSH are supported.
- Currently, only public keys whose moduli are in the range 512 to 2048 bits can be imported to the switch.
- You may use this command to configure an SSH peer’s public key on the current switch. After you issue this command, the system automatically identifies the format of the public key, transforms the public key into the PKCS format, and saves the public key locally. This public key configuration method requires that the public key file be uploaded to the current switch through FTP or TFTP.
Examples
# Import the public key of the user from the public key file named pub.ppk and name it as peer.pk.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] public-key peer peer.pk import sshkey pub.ppk
Syntax
public-key-code begin
View
Public key view
Parameters
None
Description
Use the public-key-code begin command to enter public key edit view.
After entering public key code view, you can input the key data. It must be a hexadecimal string coded in compliance with PKCS.
Related commands: rsa peer-public-key, public-key peer, public-key-code end.
Examples
# Enter public key edit view and input a public key.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] rsa peer-public-key Switch003
RSA public key view: return to System View with "peer-public-key end".
[Sysname-rsa-public-key] public-key-code begin
RSA key code view: return to last view with "public-key-code end".
[Sysname-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[Sysname-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[Sysname-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[Sysname-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[Sysname-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[Sysname-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[Sysname-rsa-key-code] public-key-code end
[Sysname-rsa-public-key]
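The hexadecimal key data entered above, and the "Key code" printed by the display commands, can be decoded off the switch to confirm the modulus size (see the Caution on 1023-bit versus 1024-bit keys) and the public exponent before a peer key is trusted. The Python below is an added example, not part of the vendor documentation; the function names are illustrative, and the two sample key codes are copied from this page's Sysname_Host (512-bit) and Switch003 examples.

```python
# Added example: offline check of a hexadecimal RSA key code before it is
# entered with public-key-code begin. Function names are illustrative.

RSA_OID = bytes.fromhex("2A864886F70D010101")  # rsaEncryption 1.2.840.113549.1.1.1


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of data")
    return tag, buf[pos:pos + length], pos + length


def expect(cond, msg):
    if not cond:
        raise ValueError(msg)


def parse_key_code(text):
    """Decode a key code (spaces and line breaks allowed) into size and exponent."""
    try:
        der = bytes.fromhex("".join(text.split()))
    except ValueError:
        raise ValueError("key code is not valid hexadecimal") from None
    tag, body, end = read_tlv(der, 0)
    expect(tag == 0x30 and end == len(der), "expected one DER SEQUENCE")
    tag, value, nxt = read_tlv(body, 0)
    wrapped = tag == 0x30
    if wrapped:
        # SubjectPublicKeyInfo: AlgorithmIdentifier, then a BIT STRING holding
        # the RSAPublicKey SEQUENCE (the form shown by display public-key local).
        atag, oid, _ = read_tlv(value, 0)
        expect(atag == 0x06 and oid == RSA_OID, "not an RSA key")
        btag, bits, _ = read_tlv(body, nxt)
        expect(btag == 0x03 and bits[:1] == b"\x00", "malformed BIT STRING")
        stag, body, _ = read_tlv(bits, 1)
        expect(stag == 0x30, "missing RSAPublicKey SEQUENCE")
        tag, value, nxt = read_tlv(body, 0)
    expect(tag == 0x02, "modulus is not an INTEGER")
    etag, exp, _ = read_tlv(body, nxt)
    expect(etag == 0x02, "exponent is not an INTEGER")
    modulus = int.from_bytes(value, "big")
    return {"wrapped": wrapped, "bits": modulus.bit_length(),
            "exponent": int.from_bytes(exp, "big")}


def size_matches(bits, requested):
    """Per the Caution: a key may be one bit shorter than the size requested."""
    return bits in (requested, requested - 1)


# Key codes copied from the examples on this page.
HOST_KEY = """
305C300D06092A864886F70D0101010500034B003048024100D6665EFEC14F48A5B42A413E
2FACCAA9F02C772AEDC4911E76AAEE55BA49C4A0233D2D80504068BD9C892C0DD9EBBBC7EB
8842ED61CDB418A29CA1362BB48C190203010001
"""
SWITCH003_KEY = """
308186028180739A291ABDA704F5D93DC8FDF84C427463
1991C164B0DF178C55FA833591C7D47D5381D09CE82913
D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
"""

if __name__ == "__main__":
    for name, code in (("Sysname_Host", HOST_KEY), ("Switch003", SWITCH003_KEY)):
        print(name, parse_key_code(code))
```

For the Switch003 key the result is a 1023-bit modulus, which is the one-bit-short case the Caution describes.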
Syntax
public-key-code end
View
Public key edit view
Parameters
None
Description
Use the public-key-code end command to return from public key edit view to public key view and save the public key you input.
After you use this command to end editing the public key, the system will check the validity of the public key before saving the key.
- If there is any illegal character in the key, your configuration fails. In this case, a prompt is displayed and the key is discarded.
- If the key is valid, it is saved in the local public key list.
Related commands: rsa peer-public-key, public-key peer, public-key-code begin.
Examples
# Exit public key edit view and save the public key you input.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] rsa peer-public-key Switch003
RSA public key view: return to System View with "peer-public-key end".
[Sysname-rsa-public-key] public-key-code begin
RSA key code view: return to last view with "public-key-code end".
[Sysname-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[Sysname-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[Sysname-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[Sysname-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[Sysname-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16