Vyatta Network OS Documentation


security vpn rsa-keys

Records RSA keys for the local host.

set security vpn rsa-keys [ local-key file file-name | rsa-key-name name rsa-key key ]
delete security vpn rsa-keys local-key file [ local-key file | rsa-key-name [ name rsa-key ] ]
show security vpn rsa-keys local-key file [ local-key file | rsa-key-name [ name rsa-key ] ]
file-name
Specifies the name and location of the file containing the RSA digital signature of the local host (both public key and private key). By default, the RSA digital signature for the local host is recorded in /config/ipsec.d/rsa-keys/.
name
A mnemonic name for the remote key. This is the name you refer to when you specify the RSA key in site-to-site connection configurations.
key
The RSA public key data for the remote peer.

Configuration mode

security {
    vpn {
        rsa-keys {
            local-key {
                file file-name
            }
            rsa-key-name name {
                rsa-key key
            }
        }
    }
}

Use this command to view or change the location of the file containing RSA key information for the local host, or to record an RSA public key for a remote host.

The RSA digital signature for the local host can be generated using generate vpn rsa-key in operational mode. Once generated, the key is stored at the location specified by the local-key rsa-key-name option. By default, this is the localhost.key file in the /config/ipsec.d/rsa-keys/ directory.

You must also enter the public key of the remote peer as the rsa-key-name name rsa-key attribute. Digital signatures are lengthy, so to configure this value, copy it as text into your clipboard and paste it into the configuration. Once the key is recorded with a mnemonic name, you can refer to it by that name in site-to-site connection configurations.

Use the set form of this command to set RSA key configuration.

Use the delete form of this command to remove RSA key configuration.

Use the show form of this command to view RSA key configuration.
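
A long key pasted from the clipboard can be truncated or altered without any visible sign, so it is worth checking the recorded remote keys against what each peer actually sent. The following is an added example, not part of the Vyatta documentation: it extracts each rsa-key-name entry from configuration text in the layout shown above and computes a SHA-256 fingerprint to compare with one obtained from the peer's administrator out of band. The peer names, key strings, function names, and the fingerprint scheme itself are assumptions of this example, not Vyatta features.

```python
import hashlib
import re

# Constructed sample in the configuration layout shown on this page.
# Peer names and key strings are made up; real key data is much longer.
SAMPLE_CONFIG = """
security {
    vpn {
        rsa-keys {
            local-key {
                file /config/ipsec.d/rsa-keys/localhost.key
            }
            rsa-key-name EXAMPLE-EAST {
                rsa-key CONSTRUCTEDKEYDATAEAST0123456789
            }
            rsa-key-name EXAMPLE-WEST {
                rsa-key CONSTRUCTEDKEYDATAWEST01234
            }
        }
    }
}
"""

# Matches: rsa-key-name <name> { rsa-key <key> }, key optionally quoted.
ENTRY = re.compile(r'rsa-key-name\s+(\S+)\s*\{\s*rsa-key\s+"?([^\s"}]+)"?\s*\}')

def fingerprint(key_text):
    """SHA-256 hex digest of the key text with all whitespace removed, so
    line wraps added by a terminal or e-mail client do not change it."""
    return hashlib.sha256("".join(key_text.split()).encode("ascii")).hexdigest()

def peer_key_fingerprints(config_text):
    """Map each rsa-key-name entry to the fingerprint of its recorded key."""
    return {name: fingerprint(key) for name, key in ENTRY.findall(config_text)}

def mismatched_peers(config_text, expected):
    """Peer names whose recorded key is absent or differs from the
    fingerprint the peer's administrator supplied out of band."""
    found = peer_key_fingerprints(config_text)
    return sorted(name for name, fp in expected.items() if found.get(name) != fp)

if __name__ == "__main__":
    # Constructed scenario: EXAMPLE-WEST lost its tail during the paste.
    expected = {
        "EXAMPLE-EAST": fingerprint("CONSTRUCTEDKEYDATAEAST\n0123456789"),
        "EXAMPLE-WEST": fingerprint("CONSTRUCTEDKEYDATAWEST0123456789"),
    }
    print(mismatched_peers(SAMPLE_CONFIG, expected))
```

Any name the check reports should have its key deleted and re-entered from a verified copy before the site-to-site connection that references it is brought up.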