1 Public Key Configuration Commands
- The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region.
- Support of the H3C WA series WLAN access points (APs) for commands may vary by AP model. For more information, see Feature Matrix.
- The interface types and the number of interfaces vary by AP model.
Public Key Configuration Commands
display public-key local public
Syntax
display public-key local { ecdsa | rsa } public
View
Any view
Default Level
1: Monitor level
Parameters
ecdsa: ECDSA key pair.
rsa: RSA key pair.
Description
Use the display public-key local public command to display the public key information of the local key pairs.
Related commands: public-key local create.
Examples
# Display the public key information of the local RSA key pairs.
<Sysname> display public-key local rsa public
=====================================================
Time of Key pair created: 19:59:16 2007/10/25
Key name: HOST_KEY
Key type: RSA Encryption Key
=====================================================
Key code:
30819F300D06092A864886F70D010101050003818D0030818902818100BC4C392A97734A633BA0F1DB01F84E
B51228EC86ADE1DBA597E0D9066FDC4F04776CEA3610D2578341F5D049143656F1287502C06D39D39F28F0F5
CBA630DA8CD1C16ECE8A7A65282F2407E8757E7937DCCDB5DB620CD1F471401B7117139702348444A2D89004
97A87B8D5F13D61C4DEFA3D14A7DC07624791FC1D226F62DF3020301
0001
=====================================================
Time of Key pair created: 19:59:17 2007/10/25
Key name: SERVER_KEY
Key type: RSA Encryption Key
=====================================================
Key code:
307C300D06092A864886F70D0101010500036B003068026100C51AF7CA926962284A4654B2AACC7B2AE12B2B
1EABFAC1CDA97E42C3C10D7A70D1012BF23ADE5AC4E7AAB132CFB6453B27E054BFAA0A85E113FBDE751EE0EC
EF659529E857CF8C211E2A03FD8F10C5BEC162B2989ABB5D299D1E4E27A13C7DD10203010001
# Display the public key information of the local ECDSA key pair.
<Sysname> display public-key local ecdsa public
=====================================================
Time of Key pair created: 10:49:32 2007/10/26
Key name: HOST_KEY
Key type: ECDSA Encryption Key
=====================================================
Key code:
3049301306072A8648CE3D020106082A8648CE3D03010103320004CE56C7870239FEA15B3D1B0C2BA236D287
294F4DE3F07D7F5D42EF4ABEEF989E5005E9B56F0825BB6B2F054D984AFE29
Table 1-1 display public-key local public command output description
Field | Description |
---|---|
Time of Key pair created | Time at which the local key pair is created |
Key name | Key name, which can be HOST_KEY (host public key) or SERVER_KEY (server public key; available only for RSA key pairs) |
Key type | Key type, which can be RSA Encryption Key (RSA key pair) or ECDSA Encryption Key (ECDSA key pair) |
Key code | Key data |
display public-key peer
Syntax
display public-key peer [ brief | name publickey-name ]
View
Any view
Default Level
1: Monitor level
Parameters
brief: Displays brief information about all the host public keys of peers.
name publickey-name: Specifies a peer's host public key by its name, which is a case-sensitive string of 1 to 64 characters.
Description
Use the display public-key peer command to display information about the specified or all locally saved public keys of peers.
With neither the brief keyword nor the name publickey-name combination specified, the command displays detailed information about all locally saved public keys of peers.
You can use the public-key peer command or the public-key peer import sshkey command to get a local copy of the public keys of a peer.
Related commands: public-key peer and public-key peer import sshkey.
Examples
# Display detailed information about the peer host public key named idrsa.
<Sysname> display public-key peer name idrsa
=====================================
Key name : idrsa
Key type : RSA
Key module: 1024
=====================================
Key Code:
30819D300D06092A864886F70D010101050003818B00308187028181009C46A8710216CEC0C01C7CE136BA76
C79AA6040E79F9E305E453998C7ADE8276069410803D5974F708496947AB39B3F39C5CE56C95B6AB7442D563
93BF241F99A639DD02D9E29B1F5C1FD05CC1C44FBD6CFFB58BE6F035FAA2C596B27D1231D159846B7CB9A775
7C5800FADA9FD72F65672F4A549EE99F63095E11BD37789955020123
# Display brief information about all locally saved public keys of the peers.
<Sysname> display public-key peer brief
Type Module Name
---------------------------
RSA 1024 idrsa
DSA 1024 10.1.1.1
peer-public-key end
Syntax
peer-public-key end
View
Public key view
Default Level
2: System level
Parameters
None
Description
Use the peer-public-key end command to return from public key view to system view.
Related commands: public-key peer.
Examples
# Exit public key view.
<Sysname> system-view
[Sysname] public-key peer key1
[Sysname-pkey-public-key] peer-public-key end
[Sysname]
public-key-code begin
Syntax
public-key-code begin
View
Public key view
Default Level
2: System level
Parameters
None
Description
Use the public-key-code begin command to enter public key code view.
After entering public key code view, input the key data in the correct format. Spaces and carriage returns are allowed between characters.
You can input the key data displayed with the display public-key local public command to make sure the format requirements are met.
Related commands: public-key peer and public-key-code end.
Examples
# Enter public key code view and input the key.
[Sysname] public-key peer key1
[Sysname-pkey-public-key] public-key-code begin
[Sysname-pkey-key-code]30819F300D06092A864886F70D010101050003818D0030818902818100C0EC8014F82515F6335A0A
[Sysname-pkey-key-code]EF8F999C01EC94E5760A079BD73E4F4D97F3500EDB308C29481B77E719D1643135877E13B1C531B4
[Sysname-pkey-key-code]FF1877A5E2E7B1FA4710DB0744F66F6600EEFE166F1B854E2371D5B952ADF6B80EB5F52698FCF3D6
[Sysname-pkey-key-code]1F0C2EAAD9813ECB16C5C7DC09812D4EE3E9A0B074276FFD4AF2050BD4A9B1DDE675AC30CB020301
[Sysname-pkey-key-code]0001
public-key-code end
Syntax
public-key-code end
View
Public key code view
Default Level
2: System level
Parameters
None
Description
Use the public-key-code end command to return from public key code view to public key view and to save the configured public key.
The system verifies the key before saving it. If the key is not in the correct format, the system discards the key and displays an error message. If the key is valid, the system saves the key.
Related commands: public-key peer and public-key-code begin.
Examples
# Exit public key code view and save the configured public key.
<Sysname> system-view
[Sysname] public-key peer key1
[Sysname-pkey-public-key] public-key-code begin
[Sysname-pkey-key-code]30819F300D06092A864886F70D010101050003818D0030818902818100C0EC8014F82515F6335A0A
[Sysname-pkey-key-code]EF8F999C01EC94E5760A079BD73E4F4D97F3500EDB308C29481B77E719D1643135877E13B1C531B4
[Sysname-pkey-key-code]FF1877A5E2E7B1FA4710DB0744F66F6600EEFE166F1B854E2371D5B952ADF6B80EB5F52698FCF3D6
[Sysname-pkey-key-code]1F0C2EAAD9813ECB16C5C7DC09812D4EE3E9A0B074276FFD4AF2050BD4A9B1DDE675AC30CB020301
[Sysname-pkey-key-code]0001
[Sysname-pkey-key-code] public-key-code end
[Sysname-pkey-public-key]
public-key local create
Syntax
public-key local create { ecdsa | rsa }
View
System view
Default Level
2: System level
Parameters
ecdsa: ECDSA key pair.
rsa: RSA key pair.
Description
Use the public-key local create command to create local key pair(s). The created local key pair(s) are saved automatically, and can survive a reboot.
When using this command to create RSA key pairs, you will be prompted to provide the length of the key modulus. The modulus length is in the range 512 to 2048 bits, and defaults to 1024 bits. If the type of key pair already exists, the system will ask you whether you want to overwrite it.
Related commands: public-key local destroy and display public-key local public.
Examples
# Create local RSA key pairs.
<Sysname> system-view
[Sysname] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++
++++++
++++++++
++++++++
# Create a local ECDSA key pair.
[Sysname] public-key local create ecdsa
Generating Keys...
......
public-key local destroy
Syntax
public-key local destroy { ecdsa | rsa }
View
System view
Default Level
2: System level
Parameters
ecdsa: ECDSA key pair.
rsa: RSA key pair.
Description
Use the public-key local destroy command to destroy the local key pair(s).
Related commands: public-key local create.
Examples
# Destroy the local RSA key pairs.
<Sysname> system-view
[Sysname] public-key local destroy rsa
Warning: Confirm to destroy these keys? [Y/N]:y
# Destroy the local ECDSA key pair.
<Sysname> system-view
[Sysname] public-key local destroy ecdsa
Warning: Confirm to destroy these keys? [Y/N]:y
public-key local export rsa
Syntax
public-key local export rsa { openssh | ssh1 | ssh2 } [ filename ]
View
System view
Default Level
2: System level
Parameters
openssh: Uses the format of OpenSSH.
ssh1: Uses the format of SSH1.5.
ssh2: Uses the format of SSH2.0.
filename: Name of the file for storing the public key. For detailed information about file name, see File Management in the Fundamentals Configuration Guide.
Description
Use the public-key local export rsa command to display the local RSA public key on the screen or export it to a specified file.
If you do not specify the filename argument, the command displays the local RSA public key on the screen; otherwise, the command exports the local RSA public key to the specified file and saves the file.
SSH1, SSH2.0 and OpenSSH are three different public key formats for different requirements.
Related commands: public-key local create and public-key local destroy.
Examples
# Export the local RSA public key in OpenSSH format to a file named key.pub.
<Sysname> system-view
[Sysname] public-key local export rsa openssh key.pub
# Display the local RSA public key in SSH2.0 format.
<Sysname> system-view
[Sysname] public-key local export rsa ssh2
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20070625"
AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAo0dVYR1S5f30eLKGNKuqb5HU3M0TTSaGlER2GmcRI2sgSegbo1x6ut5N
Ic5+jJxuRCU4+gMc76iS8d+2d50FqIweEkHHkSG/ddgXt/iAZ6cY81bdu/CKxGiQlkUpbw4vSv+X5KeE7j+o0MpOpzh3W768/+u1riz+1LcwVTs51Q==
---- END SSH2 PUBLIC KEY ----
# Display the local RSA public key in OpenSSH format.
<Sysname> system-view
[Sysname] public-key local export rsa openssh
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAo0dVYR1S5f30eLKGNKuqb5HU3M0TTSaGlER2GmcRI2sgSegbo1x6ut5N
Ic5+jJxuRCU4+gMc76iS8d+2d50FqIweEkHHkSG/ddgXt/iAZ6cY81bdu/CKxGiQlkUpbw4vSv+X5KeE7j+o0MpOpzh3W768/+u1riz+1LcwVTs51Q==
rsa-key
public-key peer
Syntax
public-key peer keyname
undo public-key peer keyname
View
System view
Default Level
2: System level
Parameters
keyname: Public key name, a case-sensitive string of 1 to 64 characters.
Description
Use the public-key peer command to specify a name for a peer's host public key and enter public key view.
Use the undo public-key peer command to remove a peer's host public key.
To manually configure the public key of a peer on the local host, obtain the public key (in hexadecimal) from the peer beforehand and perform these configurations:
1) Execute the public-key peer command, and then the public-key-code begin command to enter public key code view.
2) Type the public key of the peer.
3) Execute the public-key-code end command to save the public key and return to public key view.
4) Execute the peer-public-key end command to return to system view.
Related commands: public-key-code begin, public-key-code end, and display public-key peer.
Examples
# Specify the name for the peer's host public key as key1 and enter public key view.
<Sysname> system-view
[Sysname] public-key peer key1
[Sysname-pkey-public-key]
public-key peer import sshkey
Syntax
public-key peer keyname import sshkey filename
undo public-key peer keyname
View
System view
Default Level
2: System level
Parameters
keyname: Public key name, a case-sensitive string of 1 to 64 characters.
filename: Name of the file that saves a peer's public key. For more information about file name, see File Management in the Fundamentals Configuration Guide.
Description
Use the public-key peer import sshkey command to import the public key of a peer from the public key file.
Use the undo public-key peer command to remove a configured peer public key.
After execution of this command, the system automatically transforms the public key in SSH1, SSH2.0 or OpenSSH format to PKCS format, and imports the peer public key. This operation requires that you get a copy of the public key file from the peer through FTP or TFTP in advance.
Related commands: display public-key peer.
Examples
# Import the peer host public key named key2 from the public key file key.pub.
<Sysname> system-view
[Sysname] public-key peer key2 import sshkey key.pub
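The format transformation performed on import can be reproduced off-device to see what key code an OpenSSH file should yield. The following Python sketch is an added example, not H3C code: it assumes the stored key code is the DER SubjectPublicKeyInfo encoding seen in this page's sample output, handles ssh-rsa keys only, and wraps at 80 hex characters as the samples do.

```python
import base64

def _der(tag, body):
    """Encode one DER element with a definite length."""
    n = len(body)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def _der_int(value):
    """DER INTEGER for a non-negative value (leading 00 when the top bit is set)."""
    return _der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def _ssh_fields(blob):
    """Split an SSH wire-format blob into its 4-byte-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 + size > len(blob):
            raise ValueError("truncated SSH key blob")
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    return fields

def openssh_to_key_code(line, width=80):
    """Turn 'ssh-rsa <base64> [comment]' into hex key-code lines."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected an ssh-rsa public key line")
    fields = _ssh_fields(base64.b64decode(parts[1], validate=True))
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("blob is not an ssh-rsa key")
    e, n = (int.from_bytes(f, "big") for f in fields[1:])   # wire order: e, then n
    rsa_key = _der(0x30, _der_int(n) + _der_int(e))          # RSAPublicKey
    alg = _der(0x30, _der(0x06, bytes.fromhex("2A864886F70D010101")) + _der(0x05, b""))
    code = _der(0x30, alg + _der(0x03, b"\x00" + rsa_key)).hex().upper()
    return [code[i:i + width] for i in range(0, len(code), width)]

# OpenSSH-format key from this page's export example, rejoined onto one line.
PAGE_OPENSSH = ("ssh-rsa "
    "AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAo0dVYR1S5f30eLKGNKuqb5HU3M0TTSaGlER2GmcRI2sgSegbo1x6ut5N"
    "Ic5+jJxuRCU4+gMc76iS8d+2d50FqIweEkHHkSG/ddgXt/iAZ6cY81bdu/CKxGiQlkUpbw4vSv+X5KeE7j+o0MpOpzh3W768/+u1riz+1LcwVTs51Q=="
    " rsa-key")

if __name__ == "__main__":
    print("\n".join(openssh_to_key_code(PAGE_OPENSSH)))
```

Comparing this output with the Key code shown by display public-key peer after the import confirms that the file fetched over FTP or TFTP was not altered in transit.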