Configuring a client's host public key

About the client's host public key

In publickey authentication, the server compares the SSH username and the client's host public key received from the client with the locally saved SSH username and the client's host public key. If they are the same, the server checks the digital signature that the client sends. The client generates the digital signature by using the private key that is paired with the client's host public key.

For publickey authentication, password-publickey authentication, or any authentication, you must perform the following tasks:

  1. Configure the client's DSA, ECDSA, or RSA host public key on the server.

  2. Specify the associated host private key on the client to generate the digital signature.

    If the device acts as an SSH client, specify the public key algorithm on the client. The algorithm determines the associated host private key for generating the digital signature.

Client public key configuration methods

You can configure the client host public key by using the following methods:

Restrictions and guidelines

As a best practice, configure no more than 20 SSH client's host public keys on an SSH server.

Import the client's host public key as a best practice.

Entering a client's host public key

  1. Enter system view.

    system-view

  2. Enter public key view.

    public-key peer keyname

  3. Configure a client's host public key.

    Enter the content of the client's host public key character by character, or use the copy and paste method.

    When you enter the content of a client's host public key, you can use spaces and carriage returns between characters but the system does not save them. For more information, see "Managing public keys."

  4. Exit public key view and save the key.

    peer-public-key end

Importing a client's host public key from the public key file

  1. Enter system view.

    system-view

  2. Import a client's public key from the public key file.

    public-key peer keyname import sshkey filename