05-Public Key Commands
display public-key local public
Use display public-key local public to display the public key information of local asymmetric key pairs.
Syntax
display public-key local { ecdsa | rsa } public [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
ecdsa: Specifies the ECDSA key pair.
rsa: Specifies the RSA key pairs.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display the public key information of the local RSA key pairs.
<Sysname> display public-key local rsa public
=====================================================
Time of Key pair created: 19:59:16 2013/10/25
Key name: HOST_KEY
Key type: RSA Encryption Key
=====================================================
Key code:
30819F300D06092A864886F70D010101050003818D0030818902818100BC4C392A97734A633BA0F1DB01F
84EB51228EC86ADE1DBA597E0D9066FDC4F04776CEA3610D2578341F5D049143656F1287502C06D39D39F
28F0F5CBA630DA8CD1C16ECE8A7A65282F2407E8757E7937DCCDB5DB620CD1F471401B711713970234844
4A2D8900497A87B8D5F13D61C4DEFA3D14A7DC07624791FC1D226F62DF30203010001
=====================================================
Time of Key pair created: 19:59:17 2013/10/25
Key name: SERVER_KEY
Key type: RSA Encryption Key
=====================================================
Key code:
307C300D06092A864886F70D0101010500036B003068026100C51AF7CA926962284A4654B2AACC7B2AE12
B2B1EABFAC1CDA97E42C3C10D7A70D1012BF23ADE5AC4E7AAB132CFB6453B27E054BFAA0A85E113FBDE75
1EE0ECEF659529E857CF8C211E2A03FD8F10C5BEC162B2989ABB5D299D1E4E27A13C7DD10203010001
# Display the public key information of the local ECDSA key pair.
<Sysname> display public-key local ecdsa public
=====================================================
Time of Key pair created: 10:49:32 2013/10/26
Key name: HOST_KEY
Key type: ECDSA Encryption Key
=====================================================
Key code:
3049301306072A8648CE3D020106082A8648CE3D03010103320004CE56C7870239FEA15B3D1B0C2BA236D
287294F4DE3F07D7F5D42EF4ABEEF989E5005E9B56F0825BB6B2F054D984AFE29
Table 1 Command output
Field | Description |
---|---|
Time of Key pair created | Date and time when the local asymmetric key pair was created. |
Key name | Key name: · HOST_KEY—Host public key. · SERVER_KEY—Server public key. This value is available only for RSA key pairs. |
Key type | Key type: · RSA Encryption Key—RSA key pair. · ECDSA Encryption Key—ECDSA key pair. |
Key code | Public key data. |
Related commands
public-key local create
display public-key peer
Use display public-key peer to display information about the specified or all peer public keys on the local device.
Syntax
display public-key peer [ brief | name publickey-name ] [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
brief: Displays brief information about all peer public keys.
name publickey-name: Displays information about a peer public key. publickey-name represents a public key by its name, a case-sensitive string of 1 to 64 characters.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Usage guidelines
With neither the brief keyword nor the name publickey-name option specified, the command displays detailed information about all locally saved peer public keys.
You can use the public-key peer command or the public-key peer import sshkey command to get a local copy of a peer public key.
Examples
# Display detailed information about the peer host public key named idrsa.
<Sysname> display public-key peer name idrsa
=====================================
Key Name : idrsa
Key Type : RSA
Key Module: 1024
=====================================
Key Code:
30819D300D06092A864886F70D010101050003818B00308187028181009C46A8710216CEC0C01C7CE136B
A76C79AA6040E79F9E305E453998C7ADE8276069410803D5974F708496947AB39B3F39C5CE56C95B6AB74
42D56393BF241F99A639DD02D9E29B1F5C1FD05CC1C44FBD6CFFB58BE6F035FAA2C596B27D1231D159846
B7CB9A7757C5800FADA9FD72F65672F4A549EE99F63095E11BD37789955020123
Table 2 Command output
Field | Description |
---|---|
Key Name | Name of the public key. |
Key Type | Key type: RSA or ECDSA. |
Key Module | Key modulus length in bits. |
Key Code | Public key data. |
# Display brief information about all locally saved peer public keys.
<Sysname> display public-key peer brief
Type Module Name
---------------------------
RSA 1024 idrsa
Table 3 Command output
Field | Description |
---|---|
Type | Key type: RSA or ECDSA. |
Module | Key modulus length in bits. |
Name | Name of the public key. |
Related commands
· public-key peer
· public-key peer import sshkey
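The Key code shown by display public-key local public and display public-key peer is a hex-encoded DER SubjectPublicKeyInfo structure, so the real key size and RSA exponent can be read from it offline when auditing device keys. The following is an added example, not part of the original manual: the function names and the MIN_BITS thresholds are assumptions chosen for illustration, and the two sample values are copied from the example output above.

```python
RSA_OID = bytes.fromhex("2A864886F70D010101")   # rsaEncryption
EC_OID = bytes.fromhex("2A8648CE3D0201")        # id-ecPublicKey
MIN_BITS = {"RSA": 2048, "ECDSA": 224}          # assumed audit policy, not from the manual

# Key code values copied from the example output on this page.
SERVER_KEY = """
307C300D06092A864886F70D0101010500036B003068026100C51AF7CA926962284A4654B2AACC7B2AE12
B2B1EABFAC1CDA97E42C3C10D7A70D1012BF23ADE5AC4E7AAB132CFB6453B27E054BFAA0A85E113FBDE75
1EE0ECEF659529E857CF8C211E2A03FD8F10C5BEC162B2989ABB5D299D1E4E27A13C7DD10203010001"""
ECDSA_KEY = """
3049301306072A8648CE3D020106082A8648CE3D03010103320004CE56C7870239FEA15B3D1B0C2BA236D
287294F4DE3F07D7F5D42EF4ABEEF989E5005E9B56F0825BB6B2F054D984AFE29"""

def read_tlv(buf, pos, want):
    """Read one DER element of type `want` at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected DER tag {want:#04x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated key code")
    return buf[pos:pos + length], pos + length

def inspect_key_code(text):
    """Decode a hex Key code (DER SubjectPublicKeyInfo) into type, size and exponent."""
    der = bytes.fromhex("".join(text.split()))
    spki, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing data after key code")
    alg, pos = read_tlv(spki, 0, 0x30)
    oid, _ = read_tlv(alg, 0, 0x06)
    bits, _ = read_tlv(spki, pos, 0x03)
    key = bits[1:]                          # skip the BIT STRING unused-bits octet
    if oid == RSA_OID:
        rsa, _ = read_tlv(key, 0, 0x30)     # RSAPublicKey ::= SEQUENCE { n, e }
        n, pos = read_tlv(rsa, 0, 0x02)
        e, _ = read_tlv(rsa, pos, 0x02)
        return {"type": "RSA", "bits": int.from_bytes(n, "big").bit_length(),
                "exponent": int.from_bytes(e, "big")}
    if oid == EC_OID and key[:1] == b"\x04":    # uncompressed point: 04 || X || Y
        return {"type": "ECDSA", "bits": (len(key) - 1) * 4, "exponent": None}
    raise ValueError("unsupported key type or point encoding")

def below_policy(info):
    """True when the key is smaller than the assumed minimum for its type."""
    return info["bits"] < MIN_BITS[info["type"]]
```

Calling inspect_key_code(SERVER_KEY) shows that the sample SERVER_KEY is a 768-bit RSA key; below_policy() flags it, and the 192-bit ECDSA key, against the assumed thresholds.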
peer-public-key end
Use peer-public-key end to return from public key view to system view.
Syntax
peer-public-key end
Views
Public key view
Default command level
2: System level
Related commands
public-key peer
Examples
# Exit public key view.
<Sysname> system-view
[Sysname] public-key peer key1
[Sysname-pkey-public-key] peer-public-key end
[Sysname]
public-key-code begin
Use public-key-code begin to enter public key code view. Then, enter the key data in the correct format to specify the peer public key. Spaces and carriage returns are allowed between characters, but are not saved.
Syntax
public-key-code begin
Views
Public key view
Default command level
2: System level
Usage guidelines
If the peer device is an H3C device, input the key data displayed by the display public-key local public command so that the key is format compliant.
Examples
# Enter public key code view and input the key.
[Sysname] public-key peer key1
[Sysname-pkey-public-key] public-key-code begin
[Sysname-pkey-key-code]30819F300D06092A864886F70D010101050003818D0030818902818100C0EC8014F82515F6335A0A
[Sysname-pkey-key-code]EF8F999C01EC94E5760A079BD73E4F4D97F3500EDB308C29481B77E719D1643135877E13B1C531B4
[Sysname-pkey-key-code]FF1877A5E2E7B1FA4710DB0744F66F6600EEFE166F1B854E2371D5B952ADF6B80EB5F52698FCF3D6
[Sysname-pkey-key-code]1F0C2EAAD9813ECB16C5C7DC09812D4EE3E9A0B074276FFD4AF2050BD4A9B1DDE675AC30CB020301
[Sysname-pkey-key-code]0001
Related commands
· public-key peer
· public-key-code end
public-key-code end
Use public-key-code end to return from public key code view to public key view and to save the configured public key.
Syntax
public-key-code end
Views
Public key code view
Default command level
2: System level
Usage guidelines
The system verifies the key before saving it. If the key is not in the correct format, the system discards the key and displays an error message. If the key is valid, the system saves the key.
Examples
# Exit public key code view and save the configured public key.
<Sysname> system-view
[Sysname] public-key peer key1
[Sysname-pkey-public-key] public-key-code begin
[Sysname-pkey-key-code]30819F300D06092A864886F70D010101050003818D0030818902818100C0EC8014F82515F6335A0A
[Sysname-pkey-key-code]EF8F999C01EC94E5760A079BD73E4F4D97F3500EDB308C29481B77E719D1643135877E13B1C531B4
[Sysname-pkey-key-code]FF1877A5E2E7B1FA4710DB0744F66F6600EEFE166F1B854E2371D5B952ADF6B80EB5F52698FCF3D6
[Sysname-pkey-key-code]1F0C2EAAD9813ECB16C5C7DC09812D4EE3E9A0B074276FFD4AF2050BD4A9B1DDE675AC30CB020301
[Sysname-pkey-key-code]0001
[Sysname-pkey-key-code] public-key-code end
[Sysname-pkey-public-key]
Related commands
· public-key peer
· public-key-code begin
public-key local create
Use public-key local create to create local asymmetric key pairs. The created local key pairs are automatically saved, and can survive a reboot.
Syntax
public-key local create { ecdsa | rsa }
Default
No asymmetric key pair is created.
Views
System view
Default command level
2: System level
Parameters
ecdsa: Specifies the ECDSA key pair.
rsa: Specifies the RSA key pairs.
Usage guidelines
When using this command to create RSA key pairs, you are asked to provide the length of the key modulus. The modulus length is in the range of 512 to 2048 bits, and the default is 1024 bits. If the type of key pair already exists, the system asks you whether you want to overwrite it.
The modulus length of an ECDSA public key is always 192 bits.
Examples
# Create local RSA key pairs.
<Sysname> system-view
[Sysname] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++++++++++
+++++++
+++++++++
+++
# Create a local ECDSA key pair.
[Sysname] public-key local create ecdsa
Generating Keys...
...
Related commands
· public-key local destroy
· display public-key local public
public-key local destroy
Use public-key local destroy to destroy the local asymmetric key pairs.
Syntax
public-key local destroy { ecdsa | rsa }
Views
System view
Default command level
2: System level
Parameters
ecdsa: ECDSA key pair.
rsa: RSA key pair.
Examples
# Destroy the local RSA key pairs.
<Sysname> system-view
[Sysname] public-key local destroy rsa
Warning: Confirm to destroy these keys? [Y/N]:y
# Destroy the local ECDSA key pair.
<Sysname> system-view
[Sysname] public-key local destroy ecdsa
Warning: Confirm to destroy these keys? [Y/N]:y
Related commands
public-key local create
public-key local export rsa
Use public-key local export rsa without the filename argument to display the host public key of the local RSA key pairs in a specific key format.
Use public-key local export rsa with the filename argument to export the host public key of the local RSA key pairs to a specific file.
Syntax
public-key local export rsa { openssh | ssh1 | ssh2 } [ filename ]
Views
System view
Default command level
2: System level
Parameters
openssh: Uses the format of OpenSSH.
ssh1: Uses the format of SSH1.5.
ssh2: Uses the format of SSH2.0.
filename: Specifies the name of the file for storing the host public key. For more information about file names, see Fundamentals Configuration Guide.
Usage guidelines
SSH1, SSH2.0 and OpenSSH are different public key formats for different requirements.
Examples
# Export the host public key of the local RSA key pairs in OpenSSH format to the file named key.pub.
<Sysname> system-view
[Sysname] public-key local export rsa openssh key.pub
# Display the host public key of the local RSA key pairs in SSH2.0 format.
<Sysname> system-view
[Sysname] public-key local export rsa ssh2
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20130625"
AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAo0dVYR1S5f30eLKGNKuqb5HU3M0TTSaGlER2GmcRI2sgSegbo1x6ut5NIc5+jJxuRCU4+gMc76iS8d+2d50FqIweEkHHkSG/ddgXt/iAZ6cY81bdu/CKxGiQlkUpbw4vSv+X5KeE7j+o0MpOpzh3W768/+u1riz+1LcwVTs51Q==
---- END SSH2 PUBLIC KEY ----
# Display the host public key of the local RSA key pairs in OpenSSH format.
<Sysname> system-view
[Sysname] public-key local export rsa openssh
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAo0dVYR1S5f30eLKGNKuqb5HU3M0TTSaGlER2GmcRI2sgSegbo1x6ut5NIc5+jJxuRCU4+gMc76iS8d+2d50FqIweEkHHkSG/ddgXt/iAZ6cY81bdu/CKxGiQlkUpbw4vSv+X5KeE7j+o0MpOpzh3W768/+u1riz+1LcwVTs51Q== rsa-key
Related commands
· public-key local create
· public-key local destroy
public-key peer
Use public-key peer to specify a name for the peer public key and enter public key view.
Use undo public-key peer to remove the public key.
Syntax
public-key peer keyname
undo public-key peer keyname
Views
System view
Default command level
2: System level
Parameters
keyname: Specifies a name for the peer public key on the local device, a case-sensitive string of 1 to 64 characters.
Usage guidelines
To manually configure the peer public key on the local device, obtain the public key in hexadecimal from the peer device beforehand, and perform the following configurations on the local device:
1. Execute the public-key peer command, and then the public-key-code begin command to enter public key code view.
2. Type the peer public key.
3. Execute the public-key-code end command to save the public key and return to public key view.
4. Execute the peer-public-key end command to return to system view.
Examples
# Specify the name for the peer public key as key1 and enter public key view.
<Sysname> system-view
[Sysname] public-key peer key1
[Sysname-pkey-public-key]
Related commands
· public-key-code begin
· public-key-code end
· peer-public-key end
· display public-key peer
public-key peer import sshkey
Use public-key peer import sshkey to import a peer host public key from the public key file.
Use undo public-key peer to remove the specified peer host public key.
Syntax
public-key peer keyname import sshkey filename
undo public-key peer keyname
Views
System view
Default command level
2: System level
Parameters
keyname: Specifies a public key name, a case-sensitive string of 1 to 64 characters.
filename: Specifies the name of the file that saves the peer host public key. For more information about file names, see Fundamentals Configuration Guide.
Usage guidelines
After execution of this command, the system automatically transforms the peer host public key to the PKCS format, and imports the key. This operation requires that you get a copy of the public key file from the peer device through FTP or TFTP in binary mode in advance.
The device supports importing public keys in the format of SSH1.5, SSH2.0, and OpenSSH.
Examples
# Import the peer host public key named key2 from the public key file key.pub.
<Sysname> system-view
[Sysname] public-key peer key2 import sshkey key.pub
Related commands
display public-key peer
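FTP and TFTP do not authenticate the file in transit, so after an import it is worth confirming that the stored key is the one the peer actually holds. The following added example (not part of the original manual) converts an OpenSSH-format RSA public key, on a trusted host, into the hex form shown as Key Code by display public-key peer name so the two can be compared. It assumes the device displays an imported RSA key as a DER SubjectPublicKeyInfo, as in this page's examples; the function names are hypothetical, and the sample line is copied from the export example above.

```python
import base64

# AlgorithmIdentifier for rsaEncryption with NULL parameters, as in the page's Key code
RSA_ALG_ID = bytes.fromhex("300D06092A864886F70D0101010500")

# OpenSSH-format line copied from the "public-key local export rsa openssh" example.
PAGE_KEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAo0dVYR1S5f30eLKGNKuqb5HU3M0TTSaGlER2GmcRI2sgSegbo1x6ut5NIc5+jJxuRCU4+gMc76iS8d+2d50FqIweEkHHkSG/ddgXt/iAZ6cY81bdu/CKxGiQlkUpbw4vSv+X5KeE7j+o0MpOpzh3W768/+u1riz+1LcwVTs51Q== rsa-key"

def der(tag, body):
    """Encode one DER element with a definite length."""
    n = len(body)
    if n < 0x80:
        head = bytes([n])
    else:
        size = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def der_uint(raw):
    """DER INTEGER for an unsigned big-endian value (adds 00 if the top bit is set)."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    return der(0x02, (b"\x00" if raw[0] & 0x80 else b"") + raw)

def openssh_to_key_code(line):
    """Convert 'ssh-rsa <base64> [comment]' to uppercase hex SubjectPublicKeyInfo."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an OpenSSH ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    parts, pos = [], 0
    while pos < len(blob):                  # SSH wire format: uint32 length, then bytes
        n = int.from_bytes(blob[pos:pos + 4], "big")
        parts.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    if pos != len(blob) or len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa blob")
    _, e, n = parts                         # the blob stores the exponent before the modulus
    rsa = der(0x30, der_uint(n) + der_uint(e))
    spki = der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + rsa))
    return spki.hex().upper()

def same_key(line, displayed_key_code):
    """Compare an OpenSSH key line with a Key Code pasted from the device."""
    return openssh_to_key_code(line) == "".join(displayed_key_code.split()).upper()
```

same_key() ignores the line breaks the device inserts in the Key Code, so the displayed value can be pasted as-is.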