Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Record EAST's public key on WEST

In this example, you record the public key you have obtained from EAST. The key is then saved under a name that you can refer to in site-to-site configuration.

A digital signature can be typed in manually, but digital signatures are lengthy and difficult to type. It is generally easier to copy the digital signature into the clipboard of your system and then paste it into the configuration. You can obtain the key text in a number of ways; for example:

  • Receive the public key from the operator of the VPN peer in an e-mail—perhaps an e-mail protected by a PGP signature. Copy the key text into your clipboard.
  • Obtain the key from an X.509 certificate provided by a Certificate Authority.
  • Connect to the VPN peer directly through a Telnet or SSH control session. View the public portion of the key using a show command, select the text, and copy the key text into your clipboard. Prefer SSH: a Telnet session is neither encrypted nor authenticated, so the key text could be altered in transit.

This task pastes EAST's public key into RSA configuration. The name “EAST-key” is used as the identifier of the key.

Before you begin, copy EAST's public key into your clipboard. To obtain the public key for EAST, run the show vpn ike rsa-keys command on EAST.

If you are in operational mode on WEST, enter configuration mode now and perform the following steps:

Table 1. Record EAST's public key on WEST
Step Command

Specify a name for EAST's public key and paste EAST's public key into the configuration.

vyatta@WEST# set security vpn rsa-keys rsa-key-name EAST-key rsa-key 0sAQOVBIJL+rIkpTuwh8FPeceAF0bhgLr++W51bOAIjFbRDbR8gX3Vlz6wiUbMgGwQxWlYQiqsCeacicsfZx/amlEn9PkSE4e7tqK/JQo40L5C7gcNM24mup1d+0WmN3zLb9Qhmq5q3pNJxEwnVbPPQeIdZMJxnb1+lA8DPC3SIxJM/3at1/KrwqCAhX3QNFY/zNmOtFogELCeyl4+d54wQljA+3dwFAQ4bboJ7YIDs+rqORxWd3l3I7IajT/pLrwr5eZ8OA9NtAedbMiCwxyuyUbznxXZ8Z/MAi3xjL1pjYyWjNNiOij82QJfMOrjoXVCfcPn96ZN+Jqk+KknoVeNDwzpoahFOseJREeXzkw3/lkMN9N1

Commit the configuration.

vyatta@WEST# commit

View the configuration for RSA keys.

Since you have not changed the configuration for the local host's key, it does not display.

vyatta@WEST# show security vpn rsa-keys

rsa-key-name EAST-key {
    rsa-key 0sAQOVBIJL+rIkpTuwh8FPeceAF0bhgLr++W51bOAIjFbRDbR8gX3Vlz6wiUbMgGwQxWlYQiqsCeacicsfZx/amlEn9PkSE4e7tqK/JQo40L5C7gcNM24mup1d+0WmN3zLb9Qhmq5q3pNJxEwnVbPPQeIdZMJxnb1+lA8DPC3SIxJM/3at1/KrwqCAhX3QNFY/zNmOtFogELCeyl4+d54wQljA+3dwFAQ4bboJ7YIDs+rqORxWd3l3I7IajT/pLrwr5eZ8OA9NtAedbMiCwxyuyUbznxXZ8Z/MAi3xjL1pjYyWjNNiOij82QJfMOrjoXVCfcPn96ZN+Jqk+KknoVeNDwzpoahFOseJREeXzkw3/lkMN9N1
}


vyatta@WEST#
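
An added example, not part of the Vyatta documentation: a Python check that the rsa-key text survived the copy and paste intact, meant to be run on both EAST and WEST so the operators can compare the fingerprint over a separate channel. It assumes the value is the "0s" marker followed by base64 of the RFC 3110 layout (exponent length, exponent, modulus); inspect_rsa_key, MIN_BITS and the SHA-256 fingerprint are conventions of this example, not Vyatta features.

```python
"""Sanity-check an rsa-key value before pasting it into 'set security vpn rsa-keys'."""
import base64
import binascii
import hashlib
import sys

MIN_BITS = 2048  # assumed local policy floor, not a Vyatta setting


def inspect_rsa_key(text):
    """Return (exponent, modulus_bits, sha256_hex) or raise ValueError.

    Assumed layout: "0s" + base64(exponent-length | exponent | modulus).
    """
    text = text.strip()
    if not text.startswith("0s"):
        raise ValueError("key does not start with the '0s' base64 marker")
    b64 = text[2:]
    if len(b64) % 4 == 1:
        raise ValueError("impossible base64 length: text was cut or altered")
    try:
        # validate=True rejects spaces or newlines left behind by a wrapped paste
        raw = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not clean base64: {exc}") from exc
    if len(raw) < 3:
        raise ValueError("key is too short to hold an exponent and a modulus")
    # Exponent length is one byte, or 0x00 followed by a two-byte length
    elen, off = raw[0], 1
    if elen == 0:
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    if elen == 0 or len(raw) <= off + elen:
        raise ValueError("key is truncated: exponent or modulus missing")
    exponent = int.from_bytes(raw[off:off + elen], "big")
    modulus = int.from_bytes(raw[off + elen:], "big")
    if exponent % 2 == 0 or modulus % 2 == 0:
        raise ValueError("even exponent or modulus: not a valid RSA public key")
    # Fingerprint covers the decoded bytes, so both sides hash the same thing
    return exponent, modulus.bit_length(), hashlib.sha256(raw).hexdigest()


if __name__ == "__main__":
    # Usage: python3 check_key.py '0sAQO...'  (paste the key as one argument)
    e, bits, fp = inspect_rsa_key(sys.argv[1])
    print(f"exponent={e} modulus_bits={bits} sha256={fp}")
    if bits < MIN_BITS:
        print(f"warning: modulus is shorter than {MIN_BITS} bits")
```

A matching fingerprint on both routers shows that the text recorded on WEST is the text EAST displayed; the format checks alone catch only some kinds of damage.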