Step
2.
Display local host public keys
in a specific format.
Displaying a host public key
Display a host public key and copy it to an unformatted file. You must literally enter the key on the peer
device.
Perform the following tasks in any view:
Task
Display local RSA public keys.
Display local DSA public keys.
NOTE:
Do not distribute the RSA server public key serverkey (default) to a peer device.
Destroying a local key pair
To avoid key compromise, destroy the local key pair and generate a new pair after any of the following
conditions occurs:
An intrusion event has occurred.
•
The storage media of the device is replaced.
•
•
The local certificate has expired. For more information about local certificates, see
PKI."
To destroy a local key pair:
Step
1.
Enter system view.
Destroy a local key pair.
2.
Configuring a peer public key
To encrypt information sent to a peer device or authenticate the digital signature of the peer device, you
must configure the peer device's public key on the local device.
Command
•
Display RSA host public keys:
In non-FIPS mode:
public-key local export rsa [ name key-name ] { openssh | ssh1 |
ssh2 }
In FIPS mode:
public-key local export rsa [ name key-name ] { openssh | ssh2 }
•
Display DSA host public keys:
public-key local export dsa [ name key-name ] { openssh | ssh2 }
Command
display public-key local rsa public [ name key-name ]
display public-key local dsa public [ name key-name ]
Command
system-view
public-key local destroy { dsa |
rsa } [ name key-name ]
126
"Configuring
Remarks
N/A
N/A