Manually specifying the peer public key on the local device

Network requirements

As shown in Figure 68, to prevent unauthorized access, Device B (the local device) authenticates Device A (the peer device) through a digital signature. Before configuring authentication parameters on Device B, configure the public key of Device A on Device B.

Figure 68: Network diagram

Configuration procedure

  • Configure Device A:

    # Create local RSA key pairs on Device A, using the default modulus length of 1024 bits.

    <DeviceA> system-view
    [DeviceA] public-key local create rsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++
    ++++++
    ++++++++
    ++++++++
    

    # Display the public keys of the local RSA key pairs.

    [DeviceA] display public-key local rsa public
    
    =====================================================
    Time of Key pair created: 09:50:06  2012/03/07
    Key name: HOST_KEY
    Key type: RSA Encryption Key
    =====================================================
    Key code:
    30819F300D06092A864886F70D010101050003818D0030818902818100D90003FA95F5A44A2A2CD3F814F9854C4421B57CAC64CFFE4782A87B0360B600497D87162D1F398E6E5E51E5E353B3A9AB16C9E766BD995C669A784AD597D0FB3AA9F7202C507072B19C3C50A0D7AD3994E14ABC62DB125035EA326470034DC078B2BAA3BC3BCA80AAB5EE01986BD1EF64B42F17CCAE4A77F1EF999B2BF9C4A10203010001
    
    =====================================================
    Time of Key pair created: 09:50:07  2012/03/07
    Key name: SERVER_KEY
    Key type: RSA Encryption Key
    =====================================================
    Key code:
    307C300D06092A864886F70D0101010500036B003068026100999089E7AEE9802002D9EB2D0433B87BB6158E35000AFB3FF310E42F109829D65BF70F7712507BE1A3E0BC5C2C03FAAF00DFDDC63D004B4490DACBA3CFA9E84B9151BDC7EECE1C8770D961557D192DE2B36CAF9974B7B293363BB372771C2C1F0203010001
    
  • Configure Device B:

    # Configure the host public key of Device A's RSA key pairs on Device B. In public key code view, enter the host public key of Device A. The host public key is the content of HOST_KEY displayed on Device A by the display public-key local rsa public command.

    <DeviceB> system-view
    [DeviceB] public-key peer devicea
    Public key view: return to System View with "peer-public-key end".
    [DeviceB-pkey-public-key] public-key-code begin
    Public key code view: return to last view with "public-key-code end".
    [DeviceB-pkey-key-code]30819F300D06092A864886F70D010101050003818D0030818902818100D90003FA95F5A44A2A2CD3F814F9854C4421B57CAC64CFFE4782A87B0360B600497D87162D1F398E6E5E51E5E353B3A9AB16C9E766BD995C669A784AD597D0FB3AA9F7202C507072B19C3C50A0D7AD3994E14ABC62DB125035EA326470034DC078B2BAA3BC3BCA80AAB5EE01986BD1EF64B42F17CCAE4A77F1EF999B2BF9C4A10203010001
    [DeviceB-pkey-key-code] public-key-code end
    [DeviceB-pkey-public-key] peer-public-key end
    

    # Display the host public key of Device A saved on Device B.

    [DeviceB] display public-key peer name devicea
    
    =====================================
      Key Name  : devicea
      Key Type  : RSA
      Key Module: 1024
    =====================================
    Key Code:
    30819F300D06092A864886F70D010101050003818D0030818902818100D90003FA95F5A44A2A2CD3F814F9854C4421B57CAC64CFFE4782A87B0360B600497D87162D1F398E6E5E51E5E353B3A9AB16C9E766BD995C669A784AD597D0FB3AA9F7202C507072B19C3C50A0D7AD3994E14ABC62DB125035EA326470034DC078B2BAA3BC3BCA80AAB5EE01986BD1EF64B42F17CCAE4A77F1EF999B2BF9C4A10203010001
    

    The output shows that the host public key of Device A saved on Device B is consistent with the one created on Device A.
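
    The following Python check is an added example, not part of the original manual. It decodes a "Key code" hex dump as a DER SubjectPublicKeyInfo structure, so the key saved on Device B can be compared with HOST_KEY on Device A by fingerprint rather than by eye, and its modulus length checked. The function names and the 2048-bit threshold are assumptions of this example.

```python
import hashlib

RSA_OID = bytes.fromhex("2A864886F70D010101")  # rsaEncryption, 1.2.840.113549.1.1.1
# HOST_KEY "Key code" exactly as displayed on Device A above, split for readability.
HOST_KEY_A = (
    "30819F300D06092A864886F70D010101050003818D0030818902818100"
    "D90003FA95F5A44A2A2CD3F814F9854C4421B57CAC64CFFE4782A87B0360B600"
    "497D87162D1F398E6E5E51E5E353B3A9AB16C9E766BD995C669A784AD597D0FB"
    "3AA9F7202C507072B19C3C50A0D7AD3994E14ABC62DB125035EA326470034DC0"
    "78B2BAA3BC3BCA80AAB5EE01986BD1EF64B42F17CCAE4A77F1EF999B2BF9C4A1"
    "0203010001"
)

def _tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02X} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("key code is truncated")
    return buf[pos:pos + length], pos + length

def parse_key_code(hex_text):
    """Decode a 'Key code' hex dump (SubjectPublicKeyInfo) into key facts."""
    der = bytes.fromhex("".join(hex_text.split()))  # tolerate a wrapped paste
    spki, end = _tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("unexpected bytes after key code")
    alg, pos = _tlv(spki, 0, 0x30)
    if _tlv(alg, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an RSA public key")
    bit_string, _ = _tlv(spki, pos, 0x03)
    rsa_key, _ = _tlv(bit_string[1:], 0, 0x30)  # skip the unused-bits byte
    modulus, pos = _tlv(rsa_key, 0, 0x02)
    exponent, _ = _tlv(rsa_key, pos, 0x02)
    return {"bits": int.from_bytes(modulus, "big").bit_length(),
            "exponent": int.from_bytes(exponent, "big"),
            "sha256": hashlib.sha256(der).hexdigest()}

def check_peer_key(local_hex, peer_hex, min_bits=2048):
    """Return findings for a key copied from Device A to Device B."""
    local, peer = parse_key_code(local_hex), parse_key_code(peer_hex)
    findings = []
    if local["sha256"] != peer["sha256"]:
        findings.append("MISMATCH: peer key differs from the key shown on Device A")
    if peer["bits"] < min_bits:  # min_bits is this example's policy, not a device default
        findings.append(f"WEAK: {peer['bits']}-bit modulus is below {min_bits} bits")
    return findings
```

    Run against the outputs above, the check reports no mismatch but flags the default 1024-bit modulus; the create command accepts up to 2048 bits.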