Example for entering a peer host public key

Network requirements

As shown in Figure 80, to prevent illegal access, Device B authenticates Device A through a digital signature. Before configuring authentication parameters on Device B, configure the public key of Device A on Device B.

Figure 79: Network diagram

Configuration procedure

  1. Configure Device A:

    # Create local RSA key pairs with default names on Device A, and use the default modulus length 1024 bits.

    <DeviceA> system-view
    [DeviceA] public-key local create rsa
    The range of public key modulus is (512 ~ 2048).
    If the key modulus is greater than 512, it will take a few minutes.
    Press CTRL+C to abort.
    Input the modulus length [default = 1024]:
    Generating Keys...
    .................++++++
    ......................................++++++
    .....++++++++
    ..............++++++++
    Create the key pair successfully.
    

    # Display all local RSA public keys.

    [DeviceA] display public-key local rsa public
    =============================================
    Key name: hostkey (default)
    Key type: RSA
    Time when key pair created: 16:48:31 2011/05/12
    Key code:
       30819F300D06092A864886F70D010101050003818D0030818902818100DA3B90F59237347B
       8D41B58F8143512880139EC9111BFD31EB84B6B7C7A1470027AC8F04A827B30C2CAF79242E
       45FDFF51A9C7E917DB818D54CB7AEF538AB261557524A7441D288EC54A5D31EFAE4F681257
       6D7796490AF87A8C78F4A7E31F0793D8BA06FB95D54EBB9F94EB1F2D561BF66EA27DFD4788
       CB47440AF6BB25ACA50203010001
    =============================================
    Key name: serverkey (default)
    Key type: RSA
    Time when key pair created: 16:48:31 2011/05/12
    Key code:
       307C300D06092A864886F70D0101010500036B003068026100C9451A80F7F0A9BA1A90C7BC
       1C02522D194A2B19F19A75D9EF02219068BD7FD90FCC2AF3634EEB9FA060478DD0A1A49ACE
       E1362A4371549ECD85BA04DEE4D6BB8BE53B6AED7F1401EE88733CA3C4CED391BAE633028A
       AC41C80A15953FB22AA30203010001
    
  2. Configure Device B:

    # Enter the host public key of Device A in public key view. The key must be literally the same as displayed on Device A.

    <DeviceB> system-view
    [DeviceB] public-key peer devicea
    Enter public key view. Return to system view with "peer-public-key end" command.
    [DeviceB-pkey-public-key-devicea]30819F300D06092A864886F70D010101050003818D003081890
    2818100DA3B90F59237347B
    [DeviceB-pkey-public-key-devicea]8D41B58F8143512880139EC9111BFD31EB84B6B7C7A1470027A
    C8F04A827B30C2CAF79242E
    [DeviceB-pkey-public-key-devicea]45FDFF51A9C7E917DB818D54CB7AEF538AB261557524A7441D2
    88EC54A5D31EFAE4F681257
    [DeviceB-pkey-public-key-devicea]6D7796490AF87A8C78F4A7E31F0793D8BA06FB95D54EBB9F94E
    B1F2D561BF66EA27DFD4788
    [DeviceB-pkey-public-key-devicea]CB47440AF6BB25ACA50203010001
    

    # Save the public key and return to system view.

    [DeviceB-pkey-public-key-devicea] peer-public-key end
    

Verifying the configuration

# Verify that the peer host public key configured on Device B is the same as the key displayed on Device A.

[DeviceB] display public-key peer name devicea

=============================================
Key name: devicea
Key type: RSA
Key modulus: 1024
Key code:
   30819F300D06092A864886F70D010101050003818D0030818902818100DA3B90F59237347B
   8D41B58F8143512880139EC9111BFD31EB84B6B7C7A1470027AC8F04A827B30C2CAF79242E
   45FDFF51A9C7E917DB818D54CB7AEF538AB261557524A7441D288EC54A5D31EFAE4F681257
   6D7796490AF87A8C78F4A7E31F0793D8BA06FB95D54EBB9F94EB1F2D561BF66EA27DFD4788
   CB47440AF6BB25ACA50203010001