Importing a peer public key from a public key file

Network requirements

As shown in Figure 69, to prevent unauthorized access, Device B (the local device) authenticates Device A (the peer device) through a digital signature. Before configuring authentication parameters on Device B, configure the public key of Device A on Device B.

Figure 69: Network diagram

Configuration procedure

  • Create key pairs on Device A and export the host public key:

    # Create local RSA key pairs on Device A, setting the modulus length to the default, 1024 bits.

    <DeviceA> system-view
    [DeviceA] public-key local create rsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++
    ++++++
    ++++++++
    ++++++++
    

    # Display the public keys of the local RSA key pairs.

    [DeviceA] display public-key local rsa public
    
    =====================================================
    Time of Key pair created: 09:50:06  2012/03/07
    Key name: HOST_KEY
    Key type: RSA Encryption Key
    =====================================================
    Key code:
    30819F300D06092A864886F70D010101050003818D0030818902818100D90003FA95F5A44A2A2CD3F814F9854C4421B57CAC64CFFE4782A87B0360B600497D87162D1F398E6E5E51E5E353B3A9AB16C9E766BD995C669A784AD597D0FB3AA9F7202C507072B19C3C50A0D7AD3994E14ABC62DB125035EA326470034DC078B2BAA3BC3BCA80AAB5EE01986BD1EF64B42F17CCAE4A77F1EF999B2BF9C4A10203010001
    
    =====================================================
    Time of Key pair created: 09:50:07  2012/03/07
    Key name: SERVER_KEY
    Key type: RSA Encryption Key
    =====================================================
    Key code:
    307C300D06092A864886F70D0101010500036B003068026100999089E7AEE9802002D9EB2D0433B87BB6158E35000AFB3FF310E42F109829D65BF70F7712507BE1A3E0BC5C2C03FAAF00DFDDC63D004B4490DACBA3CFA9E84B9151BDC7EECE1C8770D961557D192DE2B36CAF9974B7B293363BB372771C2C1F0203010001
    

    # Export the RSA host public key HOST_KEY to a file named devicea.pub.

    [DeviceA] public-key local export rsa ssh2 devicea.pub
    
  • On Device A, enable the FTP server function and create an FTP user with the username ftp, password 123, and user level 3. This user level guarantees that the user has permission to perform FTP operations.

    [DeviceA] ftp server enable
    [DeviceA] local-user ftp
    [DeviceA-luser-ftp] password simple 123
    [DeviceA-luser-ftp] service-type ftp
    [DeviceA-luser-ftp] authorization-attribute level 3
    [DeviceA-luser-ftp] quit
    
  • On Device B, use FTP to log in to Device A, and get the public key file devicea.pub in binary transfer mode.

    <DeviceB> ftp 10.1.1.1
    Trying 10.1.1.1 ...
    Press CTRL+K to abort
    Connected to 10.1.1.1.
    220 FTP service ready.
    User(10.1.1.1:(none)):ftp
    331 Password required for ftp.
    Password:
    230 User logged in.
    [ftp] binary
    200 Type set to I.
    [ftp] get devicea.pub
    227 Entering Passive Mode (10,1,1,1,5,148).
    125 BINARY mode data connection already open, transfer starting for /devicea.pub.
    226 Transfer complete.
    FTP: 299 byte(s) received in 0.189 second(s), 1.00Kbyte(s)/sec.
    [ftp] quit
    221 Server closing.
    
  • Import the host public key of Device A to Device B:

    # Import the host public key of Device A from the key file devicea.pub to Device B.

    <DeviceB> system-view
    [DeviceB] public-key peer devicea import sshkey devicea.pub
    

    # Display the host public key of Device A on Device B.

    [DeviceB] display public-key peer name devicea
    
    =====================================
      Key Name  : devicea
      Key Type  : RSA
      Key Module: 1024
    =====================================
    Key Code:
    30819F300D06092A864886F70D010101050003818D0030818902818100D90003FA95F5A44A2A2CD3F814F9854C4421B57CAC64CFFE4782A87B0360B600497D87162D1F398E6E5E51E5E353B3A9AB16C9E766BD995C669A784AD597D0FB3AA9F7202C507072B19C3C50A0D7AD3994E14ABC62DB125035EA326470034DC078B2BAA3BC3BCA80AAB5EE01986BD1EF64B42F17CCAE4A77F1EF999B2BF9C4A10203010001
    

    The output shows that the host public key of Device A saved on Device B is consistent with the one created on Device A.
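The consistency check in the last step can be done mechanically instead of by eye, which matters because the key file was fetched over FTP, a transport that does not protect it in transit. The Python code below is an added example, not part of the original guide or of the device software: it decodes a Key code dump (a DER-encoded RSA SubjectPublicKeyInfo), reports the modulus size and public exponent, and compares two dumps by SHA-256 digest. The function names and the altered copy are constructed for illustration; the hex is the HOST_KEY code shown above.

```python
import hashlib
import re

# AlgorithmIdentifier body for rsaEncryption: OID 1.2.840.113549.1.1.1 + NULL
RSA_ALG = bytes.fromhex("06092A864886F70D0101010500")

# HOST_KEY "Key code" as displayed on Device A in this guide (wrapped for width)
HOST_KEY_CODE = """
30819F300D06092A864886F70D010101050003818D0030818902818100
D90003FA95F5A44A2A2CD3F814F9854C4421B57CAC64CFFE4782A87B0360B600
497D87162D1F398E6E5E51E5E353B3A9AB16C9E766BD995C669A784AD597D0FB
3AA9F7202C507072B19C3C50A0D7AD3994E14ABC62DB125035EA326470034DC0
78B2BAA3BC3BCA80AAB5EE01986BD1EF64B42F17CCAE4A77F1EF999B2BF9C4A1
0203010001
"""
# Constructed sample: the same dump with one modulus digit changed
ALTERED_CODE = HOST_KEY_CODE.replace("D90003FA", "D90003FB")

def read_tlv(buf, pos, tag):
    """Read one DER tag-length-value at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#04x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos:pos + length], pos + length

def parse_key_code(hex_text):
    """Decode a Key code dump (DER SubjectPublicKeyInfo holding an RSA key)."""
    der = bytes.fromhex(re.sub(r"\s+", "", hex_text))
    spki, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after key")
    alg, pos = read_tlv(spki, 0, 0x30)
    if alg != RSA_ALG:
        raise ValueError("not an rsaEncryption key")
    bit_string, _ = read_tlv(spki, pos, 0x03)  # first byte counts unused bits
    rsa_key, _ = read_tlv(bit_string[1:], 0, 0x30)
    modulus, pos = read_tlv(rsa_key, 0, 0x02)
    exponent, _ = read_tlv(rsa_key, pos, 0x02)
    n, e = int.from_bytes(modulus, "big"), int.from_bytes(exponent, "big")
    return {"bits": n.bit_length(), "exponent": e, "sha256": hashlib.sha256(der).hexdigest()}

def same_key(hex_a, hex_b):
    """True only if both dumps decode and are byte-for-byte the same key."""
    return parse_key_code(hex_a)["sha256"] == parse_key_code(hex_b)["sha256"]
```

In practice the two inputs are the Key code blocks copied from `display public-key local rsa public` on Device A and `display public-key peer name devicea` on Device B.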