Port security features, Port security modes, Distributing a local host public key – H3C Technologies H3C S12500-X Series Switches User Manual

120

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create local DSA or RSA key

pairs.

public-key local create { dsa |
ecdsa | rsa } [ name key-name ]

By default, no local key pair exists.

88B

Distributing a local host public key

You must distribute a local host public key to a peer device so the peer device can use the public key to
encrypt information sent to the local device or authenticate the digital signature signed by the local

device.
To distribute a local host public key:

1.

Record the key or export the key to a file

2.

Transfer the key, for example, by using FTP or TFTP

This section covers only the first task.
The following are the methods available for recording or exporting a local host public key:

•

827H

Exporting a host public key in a specific format to a file

(use this method if you can import public

keys from a file on the peer device)

•

828H

Displaying a host public key in a specific format and saving it to a file

(use this method if you can

import public keys from a file on the peer device)

•

829H

Displaying a host public key

(use this method if you must manually enter the key on the peer device)

224B

Exporting a host public key in a specific format to a file

Step Command

1.

Enter system view.

system-view

2.

Export a local host public key
in a specific format to a file.

•

Export an RSA host public key:

{

In non-FIPS mode:

public-key local export rsa [ name key-name ] { openssh | ssh1 |
ssh2 } filename

{

In FIPS mode:
public-key local export rsa [ name key-name ] { openssh | ssh2 }

filename

•

Export a DSA host public key:

public-key local export dsa [ name key-name ] { openssh | ssh2 }

filename