Configuring a client's host public key
About the client's host public key
In publickey authentication, the server compares the SSH username and the client's host public key received from the client with the locally saved SSH username and the client's host public key. If they are the same, the server checks the digital signature that the client sends. The client generates the digital signature by using the private key that is paired with the client's host public key.
For publickey authentication, password-publickey authentication, or any authentication, you must perform the following tasks:
Configure the client's DSA, ECDSA, or RSA host public key on the server.
Specify the associated host private key on the client to generate the digital signature.
If the device acts as an SSH client, specify the public key algorithm on the client. The algorithm determines the associated host private key for generating the digital signature.
Client public key configuration methods
You can configure the client host public key by using the following methods:
Manually enter the content of a client's host public key on the server.
Display the host public key on the client and record the key.
Type the client's host public key character by character on the server, or use the copy and paste method.
The manually entered key must be in DER format without being converted. For the displayed key to meet the requirement when the client is an HPE device, use the display public-key local public command. The format of the public key displayed in any other way (for example, by using the public-key local export command) might be incorrect. If the key is not in the correct format, the system discards the key.
Import the client host public key from a public key file.
Save the client public key file to the server. For example, transfer the client public key file to the server in binary mode through FTP or TFTP.
Import the client public key from the locally saved public key file.
During the import process, the server automatically converts the host public key to a string in PKCS format.
Restrictions and guidelines
As a best practice, configure no more than 20 SSH client host public keys on an SSH server.
As a best practice, import the client's host public key from a public key file instead of entering it manually.
Entering a client's host public key
Enter system view.
system-view
Enter public key view.
public-key peer keyname
Configure a client's host public key.
Enter the content of the client's host public key character by character, or use the copy and paste method.
When you enter the content of a client's host public key, you can use spaces and carriage returns between characters, but the system does not save them. For more information, see "Managing public keys."
Exit public key view and save the key.
peer-public-key end
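A pre-check for the manual entry method, as an added example that is not part of the HPE documentation: it strips spaces and line breaks from the copied key text, verifies that what remains is a single well-formed DER SEQUENCE, and returns a SHA-256 digest that can be compared between the copy recorded on the client and the text about to be pasted on the server. It assumes the key is displayed as hexadecimal digits; the function names and the sample are constructed, and the check does not reproduce the device's own validation.

```python
import hashlib
import string

def normalize_key_text(text):
    """Drop spaces and line breaks, which the device does not save either."""
    compact = "".join(text.split())
    if not compact or len(compact) % 2 or set(compact) - set(string.hexdigits):
        raise ValueError("key text is not an even-length hex string")
    return bytes.fromhex(compact)

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        # DER requires the shortest possible length encoding
        if buf[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def check_pasted_key(text):
    """Return the SHA-256 hex digest of the DER bytes, or raise ValueError."""
    der = normalize_key_text(text)
    tag, value, end = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    if end != len(der):
        raise ValueError("trailing bytes after the outer SEQUENCE")
    pos = 0
    while pos < len(value):               # every top-level child must parse cleanly
        _, _, pos = read_tlv(value, pos)
    return hashlib.sha256(der).hexdigest()

# Constructed sample, not a real key: SEQUENCE { INTEGER 1, INTEGER 2 }
SAMPLE = "3006 0201 01\n0201 02"
```

A ValueError before the paste points to a copy error such as a dropped or duplicated character; matching digests on both sides confirm that the same bytes were recorded and entered.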
Importing a client's host public key from the public key file
Enter system view.
system-view
Import a client's public key from the public key file.
public-key peer keyname import sshkey filename