| To do... | Use the command... | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Export and save the local RSA host public key in a specific format to a file | public-key local export rsa { openssh \| ssh1 \| ssh2 } filename | Required. Use at least one command. |
| Export and save the local DSA host public key in a specific format to a file | public-key local export dsa { openssh \| ssh2 } filename | Required. Use at least one command. |

Destroying a local asymmetric key pair

You may need to destroy a local asymmetric key pair and generate a new pair when an intrusion event has occurred, the storage media of the device is replaced, the asymmetric key has been used for a long time, or the local certificate expires. For more information about the local certificate, see the chapter "PKI configuration."

Follow these steps to destroy a local asymmetric key pair:

| To do... | Use the command... | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Destroy a local asymmetric key pair | public-key local destroy { dsa \| rsa } | Required |

Specifying the peer public key on the local device

In SSH, to enable the local device to authenticate a peer device, specify the peer public key on the local device. Take one of the following methods:

| Method | Prerequisites | Remarks |
| --- | --- | --- |
| Import the public key from a public key file (recommended) | 1. Save the host public key of the intended asymmetric key pair in a file. 2. Transfer a copy of the file through FTP or TFTP in binary mode to the local device. | During the import process, the system automatically converts the public key to a string in Public Key Cryptography Standards (PKCS) format. |
| Manually configure the public key—input or copy the key data | • Display and record the public key of the intended asymmetric key pair. • If the peer device is an HP device, use the display public-key local public command to view and record its public key. A public key displayed by other methods for the HP device may not be in a correct format. | • The recorded public key must be in the correct format, or the manual configuration of a format-incompliant public key will fail. • Always use the first method if you are not sure about the format of the recorded public key. |
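
A pre-import check for the file-based method above, as an added example that is not part of the original guide: it parses an exported key file, confirms the key data is a structurally complete RSA or DSA key, and computes a SHA-256 fingerprint to compare with one taken on the peer, since FTP and TFTP give no integrity protection. It assumes the openssh option produces the one-line OpenSSH format and ssh2 the RFC 4716 format; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib

# Assumption: "openssh" is the one-line OpenSSH format, "ssh2" is RFC 4716.
BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"
MPINTS = {"ssh-rsa": 2, "ssh-dss": 4}  # RSA: e, n; DSA: p, q, g, y

def _blob(text):
    """Return (format, declared algorithm or None, decoded key blob)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]  # tolerates CRLF
    if lines and lines[0] == BEGIN:
        if len(lines) < 3 or lines[-1] != END:
            raise ValueError("SSH2 file truncated: END marker missing")
        body, cont = [], False
        for ln in lines[1:-1]:
            if cont or ":" in ln:  # header line, may continue with a trailing "\"
                cont = ln.endswith("\\")
            else:
                body.append(ln)
        return "ssh2", None, base64.b64decode("".join(body), validate=True)
    if len(lines) == 1 and len(lines[0].split()) >= 2:
        name, b64 = lines[0].split()[:2]
        return "openssh", name, base64.b64decode(b64, validate=True)
    raise ValueError("not an OpenSSH or SSH2 public key file")

def inspect_public_key(text):
    """Validate the key structure; return (format, algorithm, SHA-256 fingerprint)."""
    fmt, declared, blob = _blob(text)
    off, fields = 0, []
    while off < len(blob):  # walk the length-prefixed fields of the blob
        n = int.from_bytes(blob[off:off + 4], "big")
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    if off != len(blob) or not fields:
        raise ValueError("key blob is truncated or has trailing bytes")
    algo = fields[0].decode("ascii", "replace")
    if algo not in MPINTS or len(fields) != 1 + MPINTS[algo]:
        raise ValueError("not a well-formed RSA or DSA host key")
    if declared not in (None, algo):
        raise ValueError("algorithm name does not match the key data")
    digest = hashlib.sha256(blob).digest()
    return fmt, algo, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample (toy values, not a real key), written in both file formats.
_f = lambda b: len(b).to_bytes(4, "big") + b  # length-prefixed field
SAMPLE_BLOB = _f(b"ssh-rsa") + _f(b"\x01\x00\x01") + _f(b"\x00" + bytes(range(1, 129)))
_b64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_OPENSSH = "ssh-rsa " + _b64 + " constructed@example"
SAMPLE_SSH2 = "\r\n".join([BEGIN, 'Comment: "constructed sample"',
                           *[_b64[i:i + 70] for i in range(0, len(_b64), 70)], END])
```

Run inspect_public_key on the file contents at both ends of the transfer; a differing fingerprint or a ValueError means the file should not be imported.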