06-Public Key Commands
display public-key local public
Syntax
display public-key local { dsa | rsa } public [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
dsa: Specifies a DSA key pair.
rsa: Specifies an RSA key pair.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display public-key local public command to display the public key information of the local key pairs.
Related commands: public-key local create.
Examples
# Display the public key information of the local RSA key pairs.
<Sysname> display public-key local rsa public
=====================================================
Time of Key pair created: 19:59:16 2006/10/25
Key name: HOST_KEY
Key type: RSA Encryption Key
=====================================================
Key code:
30819F300D06092A864886F70D010101050003818D0030818902818100BC4C392A97734A633BA0F1DB01F84EB51228EC86ADE1DBA597E0D9066FDC4F04776CEA3610D2578341F5D049143656F1287502C06D39D39F28F0F5CBA630DA8CD1C16ECE8A7A65282F2407E8757E7937DCCDB5DB620CD1F471401B7117139702348444A2D8900497A87B8D5F13D61C4DEFA3D14A7DC07624791FC1D226F62DF30203010001
=====================================================
Time of Key pair created: 19:59:17 2006/10/25
Key name: SERVER_KEY
Key type: RSA Encryption Key
=====================================================
Key code:
307C300D06092A864886F70D0101010500036B003068026100C51AF7CA926962284A4654B2AACC7B2AE12B2B1EABFAC1CDA97E42C3C10D7A70D1012BF23ADE5AC4E7AAB132CFB6453B27E054BFAA0A85E113FBDE751EE0ECEF659529E857CF8C211E2A03FD8F10C5BEC162B2989ABB5D299D1E4E27A13C7DD10203010001
# Display the public key information of the local DSA key pair.
<Sysname> display public-key local dsa public
=====================================================
Time of Key pair created: 20:00:16 2006/10/25
Key name: HOST_KEY
Key type: DSA Encryption Key
=====================================================
Key code:
Table 1 Output description
Field | Description |
---|---|
Time of Key pair created | Date and time when the local key pair is created. |
Key name | Key name: HOST_KEY (host public key) or SERVER_KEY (server public key; this value is available only for RSA key pairs). |
Key type | Key type: RSA Encryption Key (RSA key pair) or DSA Encryption Key (DSA key pair). |
Key code | Public key data. |
display public-key peer
Syntax
display public-key peer [ brief | name publickey-name ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
brief: Displays brief information about all peer public keys.
name publickey-name: Displays information about a peer public key. publickey-name represents a public key by its name, a case-sensitive string of 1 to 64 characters.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display public-key peer command to display information about the specified or all peer public keys on the local device.
With neither the brief keyword nor the name publickey-name option specified, the command displays detailed information about all locally saved peer public keys.
You can use the public-key peer command or the public-key peer import sshkey command to get a local copy of a peer public key.
Related commands: public-key peer and public-key peer import sshkey.
Examples
# Display detailed information about the peer public key named idrsa saved on the local device.
<Sysname> display public-key peer name idrsa
=====================================
Key Name : idrsa
Key Type : RSA
Key Module: 1024
=====================================
Key Code:
30819D300D06092A864886F70D010101050003818B00308187028181009C46A8710216CEC0C01C7CE136BA76C79AA6040E79F9E305E453998C7ADE8276069410803D5974F708496947AB39B3F39C5CE56C95B6AB7442D56393BF241F99A639DD02D9E29B1F5C1FD05CC1C44FBD6CFFB58BE6F035FAA2C596B27D1231D159846B7CB9A7757C5800FADA9FD72F65672F4A549EE99F63095E11BD37789955020123
Table 2 Output description
Field | Description |
---|---|
Key Name | Name of the peer public key |
Key Type | Key type, RSA or DSA |
Key Module | Key modulus length in bits |
Key Code | Public key data |
# Display brief information about all locally saved peer public keys.
<Sysname> display public-key peer brief
Type Module Name
---------------------------
RSA 1024 idrsa
DSA 1024 10.1.1.1
Table 3 Output description
Field | Description |
---|---|
Type | Key type, RSA or DSA. |
Module | Key modulus length in bits |
Name | Name of the public key |
peer-public-key end
Syntax
peer-public-key end
View
Public key view
Default level
2: System level
Parameters
None
Description
Use the peer-public-key end command to return from public key view to system view.
Related commands: public-key peer.
Examples
# Exit public key view.
<Sysname> system-view
[Sysname] public-key peer key1
[Sysname-pkey-public-key] peer-public-key end
[Sysname]
public-key-code begin
Syntax
public-key-code begin
View
Public key view
Default level
2: System level
Parameters
None
Description
Use the public-key-code begin command to enter public key code view. Then input the key data in the correct format to specify the peer public key. Spaces and carriage returns are allowed between characters, but are not saved.
If the peer device is an H3C device, input the key data displayed by the display public-key local public command so that the key is format compliant.
Related commands: public-key peer and public-key-code end.
Examples
# Enter public key code view and input the key.
[Sysname] public-key peer key1
[Sysname-pkey-public-key] public-key-code begin
[Sysname-pkey-key-code]30819F300D06092A864886F70D010101050003818D0030818902818100C0EC8014F82515F6335A0A
[Sysname-pkey-key-code]EF8F999C01EC94E5760A079BD73E4F4D97F3500EDB308C29481B77E719D1643135877E13B1C531B4
[Sysname-pkey-key-code]FF1877A5E2E7B1FA4710DB0744F66F6600EEFE166F1B854E2371D5B952ADF6B80EB5F52698FCF3D6
[Sysname-pkey-key-code]1F0C2EAAD9813ECB16C5C7DC09812D4EE3E9A0B074276FFD4AF2050BD4A9B1DDE675AC30CB020301
[Sysname-pkey-key-code]0001
public-key-code end
Syntax
public-key-code end
View
Public key code view
Default level
2: System level
Parameters
None
Description
Use the public-key-code end command to return from public key code view to public key view and to save the configured public key.
The system verifies the key before saving it. If the key is not in the correct format, the system discards the key and displays an error message. If the key is valid, the system saves the key.
Related commands: public-key peer and public-key-code begin.
Examples
# Exit public key code view and save the configured public key.
<Sysname> system-view
[Sysname] public-key peer key1
[Sysname-pkey-public-key] public-key-code begin
[Sysname-pkey-key-code]30819F300D06092A864886F70D010101050003818D0030818902818100C0EC8014F82515F6335A0A
[Sysname-pkey-key-code]EF8F999C01EC94E5760A079BD73E4F4D97F3500EDB308C29481B77E719D1643135877E13B1C531B4
[Sysname-pkey-key-code]FF1877A5E2E7B1FA4710DB0744F66F6600EEFE166F1B854E2371D5B952ADF6B80EB5F52698FCF3D6
[Sysname-pkey-key-code]1F0C2EAAD9813ECB16C5C7DC09812D4EE3E9A0B074276FFD4AF2050BD4A9B1DDE675AC30CB020301
[Sysname-pkey-key-code]0001
[Sysname-pkey-key-code] public-key-code end
[Sysname-pkey-public-key]
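The key code entered in public key code view is the hexadecimal DER encoding of the key (SubjectPublicKeyInfo), so its format and modulus length can be checked offline before it is typed in. The following Python is an added example, not part of the H3C documentation or device software; PAGE_KEY and SERVER_KEY are copied from the examples on this page, while the function names and the 2048-bit min_bits threshold are assumptions.

```python
RSA_OID = bytes.fromhex("2A864886F70D010101")  # rsaEncryption OID, DER content bytes
# Key codes copied from this page: key1 (public-key-code begin example) and SERVER_KEY.
PAGE_KEY = """30819F300D06092A864886F70D010101050003818D0030818902818100C0EC8014F82515F6335A0A
EF8F999C01EC94E5760A079BD73E4F4D97F3500EDB308C29481B77E719D1643135877E13B1C531B4
FF1877A5E2E7B1FA4710DB0744F66F6600EEFE166F1B854E2371D5B952ADF6B80EB5F52698FCF3D6
1F0C2EAAD9813ECB16C5C7DC09812D4EE3E9A0B074276FFD4AF2050BD4A9B1DDE675AC30CB020301
0001"""
SERVER_KEY = "307C300D06092A864886F70D0101010500036B003068026100C51AF7CA926962284A4654B2AACC7B2AE12B2B1EABFAC1CDA97E42C3C10D7A70D1012BF23ADE5AC4E7AAB132CFB6453B27E054BFAA0A85E113FBDE751EE0ECEF659529E857CF8C211E2A03FD8F10C5BEC162B2989ABB5D299D1E4E27A13C7DD10203010001"

def _tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02X} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated key code")
    return buf[pos:pos + length], pos + length

def parse_key_code(text):
    """Decode an RSA key code (hex DER SubjectPublicKeyInfo) to (modulus_bits, exponent)."""
    der = bytes.fromhex("".join(text.split()))  # spaces and line breaks are not key data
    spki, end = _tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing data after key")
    alg, pos = _tlv(spki, 0, 0x30)
    if _tlv(alg, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an RSA key")
    bits, _ = _tlv(spki, pos, 0x03)
    if not bits or bits[0] != 0:
        raise ValueError("unexpected unused bits in BIT STRING")
    rsa, _ = _tlv(bits[1:], 0, 0x30)
    n_raw, pos = _tlv(rsa, 0, 0x02)
    e_raw, _ = _tlv(rsa, pos, 0x02)
    return int.from_bytes(n_raw, "big").bit_length(), int.from_bytes(e_raw, "big")

def audit(text, min_bits=2048):
    """List policy findings; min_bits is an assumed local policy, not a device setting."""
    bits, _ = parse_key_code(text)
    return [f"modulus {bits} bits < {min_bits}"] if bits < min_bits else []

if __name__ == "__main__":
    print(parse_key_code(PAGE_KEY), audit(PAGE_KEY), parse_key_code(SERVER_KEY))
```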
public-key local create
Syntax
public-key local create { dsa | rsa }
View
System view
Default level
2: System level
Parameters
dsa: Specifies a DSA key pair.
rsa: Specifies an RSA key pair.
Description
Use the public-key local create command to create local key pairs. The created local key pairs are automatically saved, and can survive a reboot.
By default, no asymmetric key pair is created.
When using this command to create DSA or RSA key pairs, you are asked to provide the length of the key modulus. The modulus length is in the range of 512 to 2048 bits, and defaults to 1024 bits. If the type of key pair already exists, the system asks you whether you want to overwrite it.
Related commands: public-key local destroy and display public-key local public.
Examples
# Create local RSA key pairs.
<Sysname> system-view
[Sysname] public-key local create rsa
Warning: The local key pair already exist.
Confirm to replace them? [Y/N]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++++++++++
+++++++
+++++++++
+++
# Create a local DSA key pair.
<Sysname> system-view
[Sysname] public-key local create dsa
Warning: The local key pair already exist.
Confirm to replace them? [Y/N]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++.++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
public-key local destroy
Syntax
public-key local destroy { dsa | rsa }
View
System view
Default level
2: System level
Parameters
dsa: DSA key pair.
rsa: RSA key pair.
Description
Use the public-key local destroy command to destroy the local asymmetric key pairs.
Related commands: public-key local create.
Examples
# Destroy the local RSA key pairs.
<Sysname> system-view
[Sysname] public-key local destroy rsa
Warning: Confirm to destroy these keys? [Y/N]:y
# Destroy the local DSA key pair.
<Sysname> system-view
[Sysname] public-key local destroy dsa
Warning: Confirm to destroy these keys? [Y/N] :y
public-key local export dsa
Syntax
public-key local export dsa { openssh | ssh2 } [ filename ]
View
System view
Default level
1: Monitor level
Parameters
openssh: Uses the format of OpenSSH.
ssh2: Uses the format of SSH2.0.
filename: Name of the file for storing the public key.
Description
Use the public-key local export dsa command without the filename argument to display the host public key of the local DSA key pair in a specific format.
Use the public-key local export dsa command with the filename argument to export the host public key of the local DSA key pair to the specified file.
SSH2.0 and OpenSSH are different public key formats. Choose the proper format that is supported on the device where you import the host public key.
Related commands: public-key local create and public-key local destroy.
Examples
# Export the local DSA public key in OpenSSH format to the file named key.pub.
<Sysname> system-view
[Sysname] public-key local export dsa openssh key.pub
# Display the local DSA public key in SSH2.0 format.
<Sysname> system-view
[Sysname] public-key local export dsa ssh2
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "dsa-key-20061025"
---- END SSH2 PUBLIC KEY ----
# Display the local DSA public key in OpenSSH format.
<Sysname> system-view
[Sysname] public-key local export dsa openssh
ssh-dss AAAAB3NzaC1kc3MAAACBANdXJixFhMRMIR8YvZbl8GHE8KQj9/5ra4WzTO9yzhSg0
... dsa-key
public-key local export rsa
Syntax
public-key local export rsa { openssh | ssh1 | ssh2 } [ filename ]
View
System view
Default level
2: System level
Parameters
openssh: Uses the format of OpenSSH.
ssh1: Uses the format of SSH1.5.
ssh2: Uses the format of SSH2.0.
filename: Name of the file for storing the public key. For more information about file name, see Fundamentals Configuration Guide.
Description
Use the public-key local export rsa command without the filename argument to display the host public key of the local RSA key pairs in a specific key format.
Use the public-key local export rsa command with the filename argument to export the host public key of the local RSA key pairs to a specific file.
SSH1, SSH2.0 and OpenSSH are different public key formats for different requirements. Choose the proper format that is supported on the device where you import the host public key.
Related commands: public-key local create and public-key local destroy.
Examples
# Export the host public key of the local RSA key pairs in OpenSSH format to the file named key.pub.
<Sysname> system-view
[Sysname] public-key local export rsa openssh key.pub
# Display the host public key of the local RSA key pairs in SSH2.0 format.
<Sysname> system-view
[Sysname] public-key local export rsa ssh2
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20061105"
AAAAB3NzaC1yc2EAAAADAQABAAAAgKRkxFoZ+T72Srs9c60+j2yrkd0AHBsXBh0Uq+iNvE12PaYR1On4x+aNlwe9fjW1PYgzH+DRkTpiMrn3j2pIs7gaJXvefTW94rbVWJ94uiSDk1NLX1JcoTtWnQcVhft3mUZ+J0jBEhAcw4bROe7/qr6l7VTCo9FBZ0XgKuHroovX
---- END SSH2 PUBLIC KEY ----
# Display the host public key of the local RSA key pairs in OpenSSH format.
<Sysname> system-view
[Sysname] public-key local export rsa openssh
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgLxMOSqXc0pjO6Dx2wH4TrUSKOyGreHbpZfg2Q
Zv3E8Ed2zqNhDSV4NB9dBJFDZW8Sh1AsBtOdOfKPD1y6Yw2ozRwW7OinplKC8kB+h1fnk33M2122IM0fRxQBtxFxOXAjSERKLYkASXqHuNXxPWHE3vo9FKfcB2JHkfwdIm9i3z rsa-key
public-key peer
Syntax
public-key peer keyname
undo public-key peer keyname
View
System view
Default level
2: System level
Parameters
keyname: Specifies a name for the peer public key on the local device, a case-sensitive string of 1 to 64 characters.
Description
Use the public-key peer command to specify a name for the peer public key and enter public key view.
Use the undo public-key peer command to remove the public key.
To manually configure a peer public key on the local device, obtain the public key (in hexadecimal) from the peer device beforehand, and perform the following configurations on the local device:
1. Execute the public-key peer command, and then the public-key-code begin command to enter public key code view.
2. Type the peer public key.
3. Execute the public-key-code end command to save the public key and return to public key view.
4. Execute the peer-public-key end command to return to system view.
Related commands: public-key-code begin and public-key-code end.
Examples
# Specify the name for the peer public key as key1 and enter public key view.
<Sysname> system-view
[Sysname] public-key peer key1
[Sysname-pkey-public-key]
public-key peer import sshkey
Syntax
public-key peer keyname import sshkey filename
undo public-key peer keyname
View
System view
Default level
2: System level
Parameters
keyname: Specifies a public key name, a case-sensitive string of 1 to 64 characters.
filename: Specifies the name of the file that saves a peer host public key. For more information about file name, see Fundamentals Configuration Guide.
Description
Use the public-key peer import sshkey command to import a peer host public key from the public key file.
Use the undo public-key peer command to remove the specified peer host public key.
After execution of this command, the system automatically transforms the peer host public key to the PKCS format, and imports the key. This operation requires that you get a copy of the public key file from the peer device through FTP or TFTP in binary mode in advance.
The device supports importing public keys in the format of SSH1.5, SSH2.0, and OpenSSH.
Related commands: display public-key peer.
Examples
# Import the peer host public key named key2 from the public key file key.pub.
<Sysname> system-view
[Sysname] public-key peer key2 import sshkey key.pub