Example: Entering a peer host public key

As shown in Figure 100, to prevent illegal access, Device B authenticates Device A through a digital signature. Before configuring authentication parameters on Device B, configure the public key of Device A on Device B.

• Configure Device B to use the RSA asymmetric key algorithm to authenticate Device A.

• Manually specify the host public key of Device A on Device B.

1. Configure Device A:

   # Create local RSA key pairs with the default names on Device A, and use the default key modulus length (1024 bits).

   <DeviceA> system-view
   [DeviceA] public-key local create rsa
   The range of public key modulus is (512 ~ 2048).
   If the key modulus is greater than 512, it will take a few minutes.
   Press CTRL+C to abort.
   Input the modulus length [default = 1024]:
   Generating Keys...
   .................++++++
   ......................................++++++
   .....++++++++
   ..............++++++++
   Create the key pair successfully.
   

   # Display all local RSA public keys.

   [DeviceA] display public-key local rsa public
   =============================================
   Key name: hostkey (default)
   Key type: RSA
   Time when key pair created: 16:48:31 2011/05/12
   Key code:
      30819F300D06092A864886F70D010101050003818D0030818902818100DA3B90F59237347B
      8D41B58F8143512880139EC9111BFD31EB84B6B7C7A1470027AC8F04A827B30C2CAF79242E
      45FDFF51A9C7E917DB818D54CB7AEF538AB261557524A7441D288EC54A5D31EFAE4F681257
      6D7796490AF87A8C78F4A7E31F0793D8BA06FB95D54EBB9F94EB1F2D561BF66EA27DFD4788
      CB47440AF6BB25ACA50203010001
   =============================================
   Key name: serverkey (default)
   Key type: RSA
   Time when key pair created: 16:48:31 2011/05/12
   Key code:
      307C300D06092A864886F70D0101010500036B003068026100C9451A80F7F0A9BA1A90C7BC
      1C02522D194A2B19F19A75D9EF02219068BD7FD90FCC2AF3634EEB9FA060478DD0A1A49ACE
      E1362A4371549ECD85BA04DEE4D6BB8BE53B6AED7F1401EE88733CA3C4CED391BAE633028A
      AC41C80A15953FB22AA30203010001
   

2. Configure Device B:

   # Enter the host public key of Device A in public key view. The key must be literally the same as displayed on Device A.

   <DeviceB> system-view
   [DeviceB] public-key peer devicea
   Enter public key view. Return to system view with "peer-public-key end" command.
   [DeviceB-pkey-public-key-devicea]30819F300D06092A864886F70D010101050003818D003081890
   2818100DA3B90F59237347B
   [DeviceB-pkey-public-key-devicea]8D41B58F8143512880139EC9111BFD31EB84B6B7C7A1470027A
   C8F04A827B30C2CAF79242E
   [DeviceB-pkey-public-key-devicea]45FDFF51A9C7E917DB818D54CB7AEF538AB261557524A7441D2
   88EC54A5D31EFAE4F681257
   [DeviceB-pkey-public-key-devicea]6D7796490AF87A8C78F4A7E31F0793D8BA06FB95D54EBB9F94E
   B1F2D561BF66EA27DFD4788
   [DeviceB-pkey-public-key-devicea]CB47440AF6BB25ACA50203010001
   

   # Save the public key and return to system view.

   [DeviceB-pkey-public-key-devicea] peer-public-key end
   

# Verify that the peer host public key configured on Device B is the same as the key displayed on Device A.

[DeviceB] display public-key peer name devicea

=============================================
Key name: devicea
Key type: RSA
Key modulus: 1024
Key code:
   30819F300D06092A864886F70D010101050003818D0030818902818100DA3B90F59237347B
   8D41B58F8143512880139EC9111BFD31EB84B6B7C7A1470027AC8F04A827B30C2CAF79242E
   45FDFF51A9C7E917DB818D54CB7AEF538AB261557524A7441D288EC54A5D31EFAE4F681257
   6D7796490AF87A8C78F4A7E31F0793D8BA06FB95D54EBB9F94EB1F2D561BF66EA27DFD4788
   CB47440AF6BB25ACA50203010001