
dsa peer-public-key

Function

The dsa peer-public-key command configures an encoding format for a DSA public key and displays the DSA public key view.

The undo dsa peer-public-key command deletes a DSA public key.

By default, no encoding format is configured for a DSA public key.

Format

dsa peer-public-key key-name encoding-type { der | openssh | pem }

undo dsa peer-public-key key-name

Parameters

| Parameter | Description | Value |
|---|---|---|
| key-name | Specifies the public key name. | The value is a string of 1 to 30 case-insensitive characters without spaces. NOTE: The string can contain spaces if it is enclosed with double quotation marks ("). |
| encoding-type | Specifies an encoding format for a DSA public key. | - |
| der | Specifies the Distinguished Encoding Rules (DER) format for a DSA public key. DER encodes data in hexadecimal format. | - |
| openssh | Specifies the OpenSSH format for a DSA public key. OpenSSH encodes data in base-64 format. OpenSSH is an encoding format based on PEM. | - |
| pem | Specifies the Privacy Enhanced Mail (PEM) format for a DSA public key. PEM encodes data in base-64 format. | - |

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When you use a DSA public key for authentication, you must specify the public key of the corresponding client for an SSH user on the server. When the client logs in to the server, the server uses the specified public key to authenticate the client. You can also save the public key generated on the server to the client. Then the client can be successfully authenticated by the server when it logs in to the server for the first time.

Huawei data communications devices support the DER, OpenSSH and PEM formats for DSA keys. If you use a DSA key in non-DER/OpenSSH/PEM format, use a third-party tool to convert the key into a key in DER, OpenSSH or PEM format.

Because no third-party tool is released with Huawei system software, having to convert keys makes DSA less convenient to use. Supporting the OpenSSH format in addition to DER and PEM improves DSA usability.

Third-party software, such as PuTTY, OpenSSH, and OpenSSL, can be used to generate DSA keys in different formats. The details are as follows:
  • PuTTY generates DSA keys in PEM format.
  • OpenSSH generates DSA keys in OpenSSH format.
  • OpenSSL generates DSA keys in DER format.

OpenSSL is open source software. You can download related documents from the OpenSSL official website.

After you configure an encoding format for a DSA public key, the Huawei data communications device automatically generates a DSA public key in the configured encoding format and enters the DSA public key view. Then, you can run the public-key-code begin command and manually copy the DSA public key generated on the peer device to the local device.

Follow-up Procedure

After you copy the DSA public key generated on the peer device to the local device, perform the following operations to exit the DSA public key view:
  1. Run the public-key-code end command to return to the DSA public key view.
  2. Run the peer-public-key end command to exit the DSA public key view and return to the system view.
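
Before pasting a peer key after public-key-code begin, it helps to confirm which encoding-type keyword matches the text and that the key is the one the peer generated. The Python sketch below is an added example, not Huawei code; it assumes the OpenSSH form is the standard one-line "ssh-dss <base64>" layout from RFC 4253, and the function names and the toy sample key are constructed for illustration.

```python
import base64, binascii, hashlib, struct

def classify(text):
    """Guess which encoding-type keyword (der | openssh | pem) fits pasted key text."""
    t = text.strip()
    if t.startswith("-----BEGIN "):
        return "pem"
    if t.startswith("ssh-dss "):
        return "openssh"
    try:
        raw = bytes.fromhex(t)          # hex text; whitespace between bytes is allowed
    except ValueError:
        return "unknown"
    return "der" if raw[:1] == b"\x30" else "unknown"   # DER SEQUENCE tag is 0x30

def read_field(blob, off):  # one uint32-length-prefixed field, truncation rejected
    if off + 4 > len(blob):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:off + 4 + n], off + 4 + n

def inspect_openssh_dsa(line):
    """Parse 'ssh-dss <base64> [comment]'; return parameter sizes and fingerprint."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-dss":
        raise ValueError("not an ssh-dss public key line")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except binascii.Error as exc:
        raise ValueError("bad base64") from exc
    name, off = read_field(blob, 0)
    if name != b"ssh-dss":
        raise ValueError("key type inside blob does not match prefix")
    bits = []
    for _ in "pqgy":                    # four mpints in order: p, q, g, y
        field, off = read_field(blob, off)
        bits.append(int.from_bytes(field, "big").bit_length())
    if off != len(blob):
        raise ValueError("trailing bytes after y")
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"p_bits": bits[0], "q_bits": bits[1], "fingerprint": "SHA256:" + fp}

def make_sample(nums=(23, 11, 4, 18)):  # constructed toy values, not a real DSA key
    blob = struct.pack(">I", 7) + b"ssh-dss"
    for n in nums:
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")   # mpint with sign-safe pad
        blob += struct.pack(">I", len(raw)) + raw
    return "ssh-dss " + base64.b64encode(blob).decode() + " constructed@example"
```

The fingerprint can be compared with the output of ssh-keygen -lf run against the peer's public key file before the key is bound to an SSH user.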

Precautions

If a DSA public key has been assigned to an SSH client, run the undo ssh user user-name assign { rsa-key | dsa-key | ecc-key } command to release the binding between the public key and the SSH client. If you do not release the binding between them, the undo dsa peer-public-key command will fail to delete the DSA public key.

The peer public key supports only PKCS#1. Other PKCS versions are not supported.

Example

# Configure an encoding format for a DSA public key and enter the DSA public key view.

<HUAWEI> system-view
[HUAWEI] dsa peer-public-key 23 encoding-type der
[HUAWEI-dsa-public-key]
Copyright © Huawei Technologies Co., Ltd.