rsa peer-public-key

Function

The rsa peer-public-key command configures an encoding format for an RSA public key and displays the RSA public key view.

The undo rsa peer-public-key command deletes an RSA public key.

By default, the encoding format is distinguished encoding rules (DER) for an RSA public key.

Format

rsa peer-public-key key-name [ encoding-type { der | openssh | pem } ]

undo rsa peer-public-key key-name

Parameters

Parameter	Description	Value
key-name	Specifies the RSA public key name.	The value is a string of 1 to 30 case-insensitive characters without spaces. NOTE: The string can contain spaces if it is enclosed with double quotation marks (").
encoding-type	Specifies the encoding format of an RSA public key.	-
der	Specifies the DER format of an RSA public key. DER encodes data in hexadecimal format.	-
openssh	Specifies the OpenSSH format of an RSA public key. OpenSSH encodes data in base-64 format. OpenSSH is an encoding format based on PEM.	-
pem	Specifies the PEM format of an RSA public key. PEM encodes data in base-64 format.	-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When you use an RSA public key for authentication, you must specify the public key of the corresponding client for an SSH user on the server. When the client logs in to the server, the server uses the specified public key to authenticate the client. You can also save the public key generated on the server to the client. Then the client can be successfully authenticated by the server when it logs in to the server for the first time.

Huawei data communications devices support the DER, OpenSSH and PEM formats for RSA keys. If you use an RSA key in non-DER/OpenSSH/PEM format, use a third-party tool to convert the key into a key in DER, OpenSSH or PEM format.

Because a third-party tool is not released with Huawei system software, RSA usability is unsatisfactory. In addition to DER, RSA keys need to support the privacy-enhanced mail (PEM) and OpenSSH formats to improve RSA usability.

Third-party software, such as PuTTY, OpenSSH, and OpenSSL, can be used to generate RSA keys in different formats. The details are as follows:

The PuTTY generate RSA keys in PEM format.
The OpenSSH generates RSA keys in OpenSSH format.
The OpenSSL generates RSA keys in DER format.

OpenSSL is an open source software. You can download related documents at the OpenSSL official website.

After you configure an encoding format for an RSA public key, Huawei data communications device automatically generates an RSA public key in the configured encoding format and enters the RSA public key view. Then you can run the public-key-code begin command and manually copy the RSA public key generated on the peer device to the local device.

Prerequisite

The RSA public key in hexadecimal notation on the remote host has been obtained and recorded.

Follow-up Procedure

After you copy the RSA public key generated on the peer device to the local device, perform the following operations to exit the RSA public key view:

Run the public-key-code end command to return to the RSA public key view.
Run the peer-public-key end command to exit the RSA public key view and return to the system view.

Precautions

If an RSA public key has been assigned to an SSH client, run the undo ssh user user-name assign { rsa-key | dsa-key | ecc-key } command to release the binding between the public key and the SSH client. If you do not release the binding, the undo rsa peer-public-key command will fail to delete the RSA public key.

The peer public key supports only PKCS#1. Other PKCS versions are not supported.

Example

# Display the RSA public key view.

<HUAWEI> system-view

[HUAWEI] rsa peer-public-key rsakey001

[HUAWEI-rsa-public-key]

# Configure an encoding format for an RSA public key and enter the RSA public key view.

<HUAWEI> system-view

[HUAWEI] rsa peer-public-key RsaKey001 encoding-type openssh

[HUAWEI-rsa-public-key]