•
Display a host public key.
After the key is displayed, record the key, for example, copy it to an unformatted file. On the
peer device, you must literally enter the key.
Exporting a host public key
When you export a host public key, follow these restrictions and guidelines:
•
If you specify a file name in the command, the command exports the key to the specified file.
•
If you do not specify a file name, the command exports the key to the monitor screen. You must
manually save the exported key to a file.
To export a local host public key:
Step
1.
Enter system view.
2.
Export a local host public
key.
Displaying a host public key
Perform the following tasks in any view:
Task
Display local RSA public keys.
Display local DSA public keys.
NOTE:
Do not distribute the RSA server public key serverkey (default) to a peer device.
Destroying a local key pair
To avoid key compromise, destroy the local key pair and generate a new pair after any of the
following conditions occurs:
•
An intrusion event has occurred.
•
The storage media of the device is replaced.
•
The local certificate has expired. For more information about local certificates, see
PKI."
To destroy a local key pair:
Command
system-view
•
Export an RSA host public key:
In non-FIPS mode:
public-key local export rsa [ name key-name ] { openssh |
ssh1 | ssh2 } [ filename ]
In FIPS mode:
public-key local export rsa [ name key-name ] { openssh |
ssh2 } [ filename ]
•
Export a DSA host public key:
public-key local export dsa [ name key-name ] { openssh |
ssh2 } [ filename ]
Command
display public-key local rsa public [ name key-name ]
display public-key local dsa public [ name key-name ]
238
"Configuring