Configuring a client's host public key
This configuration task is only necessary for the clients that directly send the public key to the server in publickey authentication.
During publickey authentication, the server compares the SSH username and the client's host public key received from the client with those saved locally. If they match, the server verifies the digital signature that the client sends. The client computes the digital signature with the private key that is associated with the host public key.
For successful authentication, you must perform the following tasks:
Configure the client's DSA, RSA, or ECDSA host public key on the server.
Specify the associated host private key on the client to generate the digital signature. If the device serves as a client, specify the public key algorithm on the client. The algorithm determines the associated host private key for generating the digital signature.
You can configure the host public key of an SSH client by using one of the following methods:
Manually entering the content of the host public key—You can type the client's host public key on the SSH server, or copy it from the client and paste it on the SSH server.
If you use this method, the host public key must be in the DER encoding format without being converted.
Before entering the client's host public key, use the display public-key local public command on the server to display the client's host public key. Other ways to display a host public key might produce an incorrectly formatted key. Hewlett Packard Enterprise recommends that you configure a client public key by importing it from a public key file.
Importing the host public key from the public key file—Before you import the host public key, you must upload the client's host public key file (in binary) to the server, for example, through FTP or TFTP. During the import process, the server automatically converts the public key in the public key file to a string in PKCS format.
You can configure up to 20 SSH client public keys on an SSH server.
For more information about client public key configuration, see "Managing public keys."
Manually entering the content of the host public key
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter public key view. | public-key peer keyname | N/A |
3. Enter public key code view. | public-key-code begin | N/A |
4. Configure a client's host public key. | Enter the content of the host public key | Spaces and carriage returns are allowed between characters. |
5. Return to public key view and save the configured host public key. | public-key-code end | When you exit public key code view, the system automatically saves the public key. |
6. Return to system view. | peer-public-key end | N/A |
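Because a manually entered key must be DER-encoded and may contain spaces and carriage returns, it helps to check the text before pasting it in public key code view. The following Python check is an added example, not HPE code: it assumes the key text is the hexadecimal form of a DER SubjectPublicKeyInfo structure (the page states only "DER"), and the function names and the sample value are constructed for illustration.

```python
# OIDs (DER value bytes) for the key types the page lists: RSA, DSA, ECDSA.
ALG_OIDS = {
    bytes.fromhex("2a864886f70d010101"): "RSA",    # 1.2.840.113549.1.1.1
    bytes.fromhex("2a8648ce380401"): "DSA",        # 1.2.840.10040.4.1
    bytes.fromhex("2a8648ce3d0201"): "ECDSA",      # 1.2.840.10045.2.1
}
# Constructed sample (toy modulus 3233, exponent 17), not a usable key.
SAMPLE = "301B300D 06092A86 4886F70D 01010105 00030A00\n30070202 0CA10201 11"

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:  # DER demands the shortest form
            raise ValueError("non-minimal length (not DER)")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def check_key_code(text):
    """Validate pasted key text; return the algorithm name or raise ValueError."""
    try:
        der = bytes.fromhex("".join(text.split()))  # whitespace is allowed
    except ValueError:
        raise ValueError("not hexadecimal") from None
    tag, spki, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("outer element is not one complete SEQUENCE")
    tag, alg, pos = read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06 or oid not in ALG_OIDS:
        raise ValueError("unsupported algorithm OID")
    tag, bits, pos = read_tlv(spki, pos)
    if tag != 0x03 or pos != len(spki) or not bits or bits[0] != 0:
        raise ValueError("missing or malformed BIT STRING")
    return ALG_OIDS[oid]
```

A key copied in another representation, such as a Base64 OpenSSH public key line, or one that lost characters during copy and paste, raises ValueError instead of being accepted.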
Importing the client's host public key from the public key file
Step | Command |
---|---|
1. Enter system view. | system-view |
2. Import the public key from a public key file. | public-key peer keyname import sshkey filename |