Distributing a local host public key
When two devices communicate, you must distribute the host public keys of the two devices on each
other for the following purposes:
•
Use the public key of the peer device to encrypt information sent to the peer device.
Use the public key of the peer device to authenticate the digital signature signed by the peer
•
device.
To distribute a local host public key:
1.
Record the key or export the key to a file.
2.
Transfer the key, for example, by using FTP or TFTP.
This section describes only how to record the key or export the key to a file.
The following are the methods available for recording or exporting a local host public key:
Exporting a host public key in a specific format to a file. Use this method if you can import public
•
keys from a file into the peer device.
Displaying a host public key in a specific format and saving it to a file. Use this method if you can
•
import public keys from a file into the peer device.
Displaying a host public key. Use this method if you must manually enter the key on the peer device.
•
Exporting a host public key in a specific format to a file
Step
1.
Enter system view.
2.
Export a local host public key
in a specific format to a file.
Displaying a host public key in a specific format and saving it
to a file
After you display a host public key in a specific format, save the key to a file and transfer the file to the
peer device.
To display a local host public key in a specific format:
Step
1.
Enter system view.
Command
system-view
•
Export RSA host public keys:
In non-FIPS mode:
public-key local export rsa [ name key-name ] { openssh | ssh1 |
ssh2 } filename
In FIPS mode:
public-key local export rsa [ name key-name ] { openssh | ssh2 }
filename
•
Export a DSA host public key:
public-key local export dsa [ name key-name ] { openssh | ssh2 }
filename
Command
system-view
125