Displaying the public key

The switch provides three options for displaying its public key. This is helpful if you need to visually verify that the public key the switch is using for authenticating itself to a client matches the copy of this key in the client's "known hosts" file:

  • Non-encoded ASCII numeric string:

    Requires a client ability to display the keys in the "known hosts" file in the ASCII format. This method is tedious and error-prone due to the length of the keys. See Providing the switch public key to clients.

    The switch always uses an ASCII version of its public key, without babble or fingerprint conversion, for file storage and default display format.

  • Phonetic hash:

    Outputs the key as a relatively short series of alphabetic character groups. Requires a client ability to convert the key to this format.

  • Hexadecimal hash:

    Outputs the key as a relatively short series of hexadecimal numbers. Requires a parallel client ability.

Procedure
Enter the show crypto host-public-key command.

For example, on the switch, generate the phonetic and hexadecimal versions of the switch public key as follows:

Figure 75: Visual phonetic and hexadecimal conversions of the switch public key

The two commands shown in example convert the displayed format of the switch (host) public key for easier visual comparison of the switch public key to a copy of the key in a client's "known host" file. The switch has only one RSA host key.

The babble and fingerprint options produce two hashes for the key that corresponds to the challenge hash you will see if connecting with a v1 client, and the other corresponding to the hash you will see if connecting with a v2 client. These hashes do not correspond to different keys, but differ only because of the way v1 and v2 clients compute the hash of the same RSA key.