Example: Importing a public key from a public key file

Network configuration

As shown in Figure 101, Device B authenticates Device A through a digital signature. Before configuring authentication parameters on Device B, configure the public key of Device A on Device B.

Figure 101: Network diagram

Procedure

  1. Configure Device A:

    # Create local RSA key pairs with the default names on Device A, and use the default key modulus length (1024 bits).

    <DeviceA> system-view
    [DeviceA] public-key local create rsa
    The range of public key modulus is (512 ~ 2048).
    If the key modulus is greater than 512, it will take a few minutes.
    Press CTRL+C to abort.
    Input the modulus length [default = 1024]:
    Generating Keys...
    .................++++++
    ......................................++++++
    .....++++++++
    ..............++++++++
    Create the key pair successfully.
    

    # Display all local RSA public keys.

    [DeviceA] display public-key local rsa public
    =============================================
    Key name: hostkey (default)
    Key type: RSA
    Time when key pair created: 16:48:31 2011/05/12
    Key code:
       30819F300D06092A864886F70D010101050003818D0030818902818100DA3B90F59237347B
       8D41B58F8143512880139EC9111BFD31EB84B6B7C7A1470027AC8F04A827B30C2CAF79242E
       45FDFF51A9C7E917DB818D54CB7AEF538AB261557524A7441D288EC54A5D31EFAE4F681257
       6D7796490AF87A8C78F4A7E31F0793D8BA06FB95D54EBB9F94EB1F2D561BF66EA27DFD4788
       CB47440AF6BB25ACA50203010001
    =============================================
    Key name: serverkey (default)
    Key type: RSA
    Time when key pair created: 16:48:31 2011/05/12
    Key code:
       307C300D06092A864886F70D0101010500036B003068026100C9451A80F7F0A9BA1A90C7BC
       1C02522D194A2B19F19A75D9EF02219068BD7FD90FCC2AF3634EEB9FA060478DD0A1A49ACE
       E1362A4371549ECD85BA04DEE4D6BB8BE53B6AED7F1401EE88733CA3C4CED391BAE633028A
       AC41C80A15953FB22AA30203010001
    

    # Export the RSA host public key to file devicea.pub.

    [DeviceA] public-key local export rsa ssh2 devicea.pub
    

    # Enable the FTP server, create an FTP user with username ftp and password 123, and configure the FTP user role as network-admin.

    [DeviceA] ftp server enable
    [DeviceA] local-user ftp
    [DeviceA-luser-manage-ftp] password simple 123
    [DeviceA-luser-manage-ftp] service-type ftp
    [DeviceA-luser-manage-ftp] authorization-attribute user-role network-admin
    [DeviceA-luser-manage-ftp] quit
    
  2. Configure Device B:

    # Use FTP in binary mode to get public key file devicea.pub from Device A.

    <DeviceB> ftp 10.1.1.1
    Connected to 10.1.1.1 (10.1.1.1).
    220 FTP service ready.
    User(10.1.1.1:(none)):ftp
    331 Password required for ftp.
    Password:
    230 User logged in.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> binary
    200 TYPE is now 8-bit binary
    ftp> get devicea.pub
    227 Entering Passive Mode (10,1,1,1,118,252)
    150 Accepted data connection
    226 File successfully transferred
    301 bytes received in 0.003 seconds (98.0 kbyte/s)
    ftp> quit
    221-Goodbye. You uploaded 0 and downloaded 1 kbytes.
    221 Logout.
    

    # Import the host public key from key file devicea.pub.

    <DeviceB> system-view
    [DeviceB] public-key peer devicea import sshkey devicea.pub
    

Verifying the configuration

# Verify that the peer host public key configured on Device B is the same as the key displayed on Device A.

[DeviceB] display public-key peer name devicea
=============================================
Key name: devicea
Key type: RSA
Key modulus: 1024
Key code:
   30819F300D06092A864886F70D010101050003818D0030818902818100DA3B90F59237347B
   8D41B58F8143512880139EC9111BFD31EB84B6B7C7A1470027AC8F04A827B30C2CAF79242E
   45FDFF51A9C7E917DB818D54CB7AEF538AB261557524A7441D288EC54A5D31EFAE4F681257
   6D7796490AF87A8C78F4A7E31F0793D8BA06FB95D54EBB9F94EB1F2D561BF66EA27DFD4788
   CB47440AF6BB25ACA50203010001