Configuring A Client's Host Public Key - HP VSR1000 Security Configuration Manual
Virtual services router
Hide thumbs
Also See for VSR1000:
- Configuration manual (463 pages) ,
- High availability configuration manual (91 pages) ,
- Layer 2 - wan access command reference (50 pages)
Table of Contents
Advertisement
Step
3.
Set the login authentication
mode to scheme.
Configuring a client's host public key
In publickey authentication, the server compares the SSH username and the client's host public key
received from the client with those locally saved. If they are consistent, the server checks the digital
signature that the client sends. The digital signature is generated by the client based on the private key
that is associated with the host public key.
For SSH servers that use publickey authentication, password-publickey authentication, or any
authentication, you must perform the following tasks:
1.
Configure the client's DSA or RSA host public key on the server. HP recommends that you
configure no more than 20 SSH client host public keys on an SSH server.
2.
Specify the associated host private key on the client to generate the digital signature. If the device
acts as an SSH client, specify the public key algorithm on the client. The algorithm determines the
associated host private key for generating the digital signature.
You can configure the host public key of an SSH client by using one of the following methods:
Manually entering the content of the host public key—You can type or copy the client's host public
•
key from the client to the SSH server. If you use this method, the host public key must be in the DER
encoding format without being converted.
Before entering the client's host public key, use the display public-key local public command on the
client to display the client's host public key. A host public key obtained in other ways might result
in incorrect format and cannot be saved on the server.
Importing the host public key from the public key file—This method is more preferred. Before you
•
import the host public key, upload the client's public key file (in binary) to the server, for example,
through FTP or TFTP. During the import process, the server automatically converts the host public key
in the public key file to a string in PKCS format.
Manually entering the content of the host public key
Step
1.
Enter system view.
2.
Enter public key view.
3.
Configure a client's host
public key.
Command
authentication-mode scheme
Command
system-view
public-key peer keyname
Enter the content of the host public
key
250
Remarks
By default, the authentication
mode is password.
For more information about this
command, see Fundamentals
Command Reference.
Remarks
N/A
N/A
When you enter the contents for a
host public key, you can use
spaces and carriage returns
between characters. When you
save the host public key, spaces
and carriage returns are removed
automatically.
For more information, see
"Managing public
keys."
- Quick Links:
- Configuring the Device as an Ssh...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
