rsa peer-public-key
Function
The rsa peer-public-key command displays the RSA public key view and specifies the name of an RSA public key.
The undo rsa peer-public-key command deletes an RSA public key.
By default, no public key is configured.
Format
rsa peer-public-key key-name [ encoding-type { der | openssh | pem } ]
undo rsa peer-public-key key-name
Parameters
Parameter | Description | Value |
---|---|---|
key-name | Specifies the RSA public key name. | The value is a string of 1 to 30 case-insensitive characters without spaces. |
encoding-type | Specifies an encoding format for an RSA public key. | - |
der | Specifies the DER format for an RSA public key. DER encodes data in hexadecimal format. | - |
openssh | Specifies the OpenSSH format for an RSA public key. OpenSSH encodes data in base-64 format. OpenSSH is an encoding format based on PEM. | - |
pem | Specifies the PEM format for an RSA public key. PEM encodes data in base-64 format. | - |
Usage Guidelines
Usage Scenario
When you use an RSA public key for authentication, you must specify the public key of the corresponding client for an SSH user on the server. When the client logs in to the server, the server uses the specified public key to authenticate the client. You can also save the public key generated on the server to the client. Then the client can be successfully authenticated by the server when it logs in to the server for the first time.
Huawei data communications devices support only the DER format for RSA keys. If you use an RSA key in non-DER format, use a third-party tool to convert the key into a key in DER format.
Because a third-party tool is not released with Huawei system software, RSA usability is unsatisfactory. In addition to DER, RSA keys need to support the privacy-enhanced mail (PEM) and OpenSSH formats to improve RSA usability.
- PuTTY generates RSA keys in PEM format.
- OpenSSH generates RSA keys in OpenSSH format.
- OpenSSL generates RSA keys in DER format.
OpenSSL is open source software. You can download related documents at http://www.openssl.org/.
After you configure an encoding format for an RSA public key, the Huawei data communications device automatically generates an RSA public key in the configured encoding format and enters the RSA public key view. You can then run the public-key-code begin command and manually copy the RSA public key generated on the peer device to the local device.
Prerequisite
The RSA public key in hexadecimal notation on the remote host has been obtained and recorded.
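An added example, not part of the original page or of Huawei's tooling: a standard-library Python script for the conversion described above, turning an OpenSSH-format ssh-rsa public key line into hexadecimal DER. It assumes the device expects the PKCS#1 RSAPublicKey structure (a SEQUENCE of modulus and public exponent); the function names and the toy key values are constructed for illustration.

```python
import base64
import struct

def ssh_string(data):
    """RFC 4251 string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def read_ssh_string(blob, off):
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def signed_bytes(value):
    # Minimal big-endian form with a leading 0x00 when the top bit is set;
    # both the SSH mpint and the DER INTEGER use this for positive numbers.
    return value.to_bytes(value.bit_length() // 8 + 1, "big")

def der_tlv(tag, body):
    n = len(body)
    if n < 0x80:
        length = bytes([n])                      # short-form length
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw  # long-form length
    return bytes([tag]) + length + body

def openssh_rsa_to_der_hex(line):
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, off = read_ssh_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside the blob is not ssh-rsa")
    e_raw, off = read_ssh_string(blob, off)      # the blob stores e before n
    n_raw, off = read_ssh_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after the modulus")
    e, n = int.from_bytes(e_raw, "big"), int.from_bytes(n_raw, "big")
    # Assumption: the device expects PKCS#1 RSAPublicKey, SEQUENCE { n, e }.
    body = der_tlv(0x02, signed_bytes(n)) + der_tlv(0x02, signed_bytes(e))
    return der_tlv(0x30, body).hex().upper()

def build_openssh_line(n, e=65537):
    """Constructed sample input (toy key material, not a real key)."""
    blob = ssh_string(b"ssh-rsa") + ssh_string(signed_bytes(e)) + ssh_string(signed_bytes(n))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    print(openssh_rsa_to_der_hex(build_openssh_line(0xD1E2F3A4B5C6D7E9)))
```

Compare the resulting hexadecimal string against the key on the peer device before pasting it, since a key bound to the wrong SSH user authenticates the wrong client.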
Follow-up Procedure
- Run the public-key-code end command to return to the RSA public key view.
- Run the peer-public-key end command to exit the RSA public key view and return to the system view.
Precautions
If an RSA public key has been assigned to an SSH client, release the binding relationship between the public key and the SSH client. If you do not release the binding relationship between them, the undo rsa peer-public-key command will fail to delete the RSA public key.
Example
# Display the RSA public key view.
<AC6605> system-view
[AC6605] rsa peer-public-key rsakey001
[AC6605-rsa-public-key]
<AC6605> system-view
[AC6605] rsa peer-public-key RsaKey001 encoding-type openssh
[AC6605-rsa-public-key]