AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
rsa peer-public-key

Function

The rsa peer-public-key command configures an encoding format for an RSA public key and displays the RSA public key view.

The undo rsa peer-public-key command deletes a public key.

By default, the encoding format for an RSA public key is distinguished encoding rules (DER).

Format

rsa peer-public-key key-name [ encoding-type { der | openssh | pem } ]

undo rsa peer-public-key key-name

Parameters

| Parameter | Description | Value |
|---|---|---|
| key-name | Specifies the RSA public key name. | The value is a string of 1 to 30 case-insensitive characters without spaces. NOTE: When double quotation marks are used around the string, spaces are allowed in the string. |
| encoding-type | Specifies an encoding format for an RSA public key. | - |
| der | Specifies the DER format for an RSA public key. DER encodes data in hexadecimal format. | - |
| openssh | Specifies the OpenSSH format for an RSA public key. OpenSSH encodes data in base-64 format. OpenSSH is an encoding format based on PEM. | - |
| pem | Specifies the PEM format for an RSA public key. PEM encodes data in base-64 format. | - |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When you use an RSA public key for authentication, you must specify the public key of the corresponding client for an SSH user on the server. When the client logs in to the server, the server uses the specified public key to authenticate the client. You can also save the public key generated on the server to the client. Then the client can be successfully authenticated by the server when it logs in to the server for the first time.

Huawei data communications devices support the DER, OpenSSH and PEM formats for RSA keys. If you use an RSA key in non-DER/OpenSSH/PEM format, use a third-party tool to convert the key into a key in DER, OpenSSH or PEM format.

Because no third-party conversion tool is released with Huawei system software, supporting only the DER format would make RSA keys inconvenient to use. To improve RSA usability, RSA keys support the privacy-enhanced mail (PEM) and OpenSSH formats in addition to DER.

Third-party software, such as SecureCRT, PuTTY, OpenSSH, and OpenSSL, can be used to generate RSA keys in different formats. The details are as follows:
  • SecureCRT and PuTTY generate RSA keys in PEM format.
  • OpenSSH generates RSA keys in OpenSSH format.
  • OpenSSL generates RSA keys in DER format.

OpenSSL is open-source software. You can download related documents at http://www.openssl.org/.

After you configure an encoding format for an RSA public key, the Huawei data communications device automatically generates an RSA public key in the configured encoding format and enters the RSA public key view. You can then run the public-key-code begin command and manually copy the RSA public key generated on the peer device to the local device.

Prerequisite

The public key on the remote host has been obtained and recorded.

Follow-up Procedure

After you copy the RSA public key generated on the peer device to the local device, perform the following operations to exit the RSA public key view:
  1. Run the public-key-code end command to return to the RSA public key view.
  2. Run the peer-public-key end command to exit the RSA public key view and return to the system view.

Precautions

The public key on the client is randomly generated by the client software.

If an RSA public key has been assigned to an SSH client, release the binding between the public key and the SSH client first. Otherwise, the undo rsa peer-public-key command fails to delete the RSA public key.

The peer public key supports only PKCS#1. Other PKCS versions are not supported.

Example

# Configure the encoding format for an RSA public key and display the RSA public key view.
<Huawei> system-view
[Huawei] rsa peer-public-key rsakey001
Enter "RSA public key" view, return system view with "peer-public-key end".
NOTE: The number of the bits of public key must be between 769 and 2048.
[Huawei-rsa-public-key]
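
The following Python sketch is an added illustration, not part of the Huawei documentation. It shows how the OpenSSH and DER formats described above relate: it parses an ssh-rsa public key line, checks the modulus size against the 769 to 2048 bit range quoted in the device NOTE, and re-encodes the key as a PKCS#1 RSAPublicKey in hexadecimal DER. The function names and the constructed sample key are assumptions; how the device expects the hexadecimal text to be grouped when pasted is not covered.

```python
import base64

MIN_BITS, MAX_BITS = 769, 2048  # limits quoted from the device NOTE in the example

def _der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_int(value):
    """DER INTEGER; the sizing keeps the top bit clear so the value stays positive."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + _der_len(len(body)) + body

def _fields(blob):
    """Split an SSH wire blob into its 4-byte-length-prefixed fields (RFC 4253)."""
    out, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos > len(blob) or size > len(blob) - pos:
            raise ValueError("truncated field")
        out.append(blob[pos:pos + size])
        pos += size
    return out

def openssh_to_pkcs1_hex(line):
    """Return (modulus_bits, PKCS#1 RSAPublicKey DER as hex) for an ssh-rsa line."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    fields = _fields(base64.b64decode(parts[1], validate=True))
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("unexpected key blob")
    e, n = (int.from_bytes(f, "big") for f in fields[1:])
    bits = n.bit_length()
    if not MIN_BITS <= bits <= MAX_BITS:
        raise ValueError(f"{bits}-bit modulus outside {MIN_BITS}-{MAX_BITS}")
    body = _der_int(n) + _der_int(e)  # RSAPublicKey ::= SEQUENCE { n, e }
    return bits, (b"\x30" + _der_len(len(body)) + body).hex().upper()

def sample_line(bits):
    """Constructed input of the right shape and size; NOT a real RSA modulus."""
    n = (1 << (bits - 1)) | 1
    parts = (b"ssh-rsa", b"\x01\x00\x01", n.to_bytes(bits // 8 + 1, "big"))
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"
```

Before binding the key to an SSH user, compare the converted key or its fingerprint with the value recorded from the peer over a separate trusted channel.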
Updated: 2019-05-29

Document ID: EDOC1000097293
