446
Predefined user roles
network-admin
Parameters
name key-name: Specifies a local ECDSA key pair by its name, a case-insensitive string of 1 to 64
characters. Valid characters are letters, digits, and hyphens (-). If you do not specify a key pair, this
command exports the host public key of the local ECDSA key pair with the default name.
openssh: Exports the host public key in OpenSSH format.
ssh2: Exports the host public key in SSH2.0 format.
filename: Specifies the name of the file for saving the ECDSA host public key. The file name is a
case-insensitive string of 1 to 128 characters. The name cannot be all dots (.), hostkey, serverkey,
dsakey, or ecdsakey, and cannot start with a slash (/) or contain ./ and ../. For more information about
file names, see Fundamentals Configuration Guide. If you do not specify a file name, this command
does not export the key to a file but displays the key on the monitor screen.
Usage guidelines
You can use this command to export a local ECDSA host public key before distributing it to a peer
device.
To distribute a local ECDSA host public key to a peer device:
1. Save the exported ECDSA host public key to a file by using one of the following methods:
Use the public-key local export ecdsa [ name key-name ] { openssh | ssh2 } command
to export the local host public key, and then copy and paste it to a file.
Use the public-key local export ecdsa [ name key-name ] { openssh | ssh2 } filename
command to export the host public key to a file. You cannot export the key to the folder pkey
or its subfolders.
2. Transfer a copy of the file to the peer device, for example, by using FTP in binary mode or TFTP.
For more information about FTP and TFTP, see Fundamentals Configuration Guide.
3. On the peer device, use the public-key peer import sshkey command to import the host
public key from the file.
SSH2.0 and OpenSSH are different public key formats. Choose the correct format that is supported
by the device where you import the host public key.
Only the ECDSA host public key generated by using the secp256r1 curve can be exported.
Examples
# In FIPS mode, export the host public key of the local ECDSA key pair with the default name in
OpenSSH format to a file named key.pub.
<Sysname> system-view
[Sysname] public-key local export ecdsa openssh key.pub
# In FIPS mode, display the host public key of the local ECDSA key pair with the default name in
SSH2.0 format.
<Sysname> system-view
[Sysname] public-key local export ecdsa ssh2
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "ecdsa-sha2-nistp256-2014/07/06"
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBREw5tkARpbV+sYArt/xcW+UJEAevx7O
ckTtTLPBiLP5bWkSdKbvo+3oHRuIyZqmNTIcxuBjuBap+pHc919C58=
---- END SSH2 PUBLIC KEY ----
# In FIPS mode, display the host public key of the local ECDSA key pair with the default name in
OpenSSH format.
<Sysname> system-view
To Next Page
Loading...
Need help?
General
