beautypg.com

Rsa host and server keys, Rsa host and server keys 109 – Nortel Networks WEB OS 212777 User Manual

Page 109

background image

Web OS 10.0 Application Guide

Chapter 5: Secure Switch Management

n

109

212777-A, February 2002

RSA Host and Server Keys

To support the SSH server feature, two sets of RSA keys (host and server keys) are required.
The host key is 1024 bits and is used to identify the Web switch. The server key is 768 bits and
is used to make it impossible to decipher a captured session by breaking into the Web switch at
a later time.

When the SSH server is first enabled and applied, the switch will automatically generate the
host and server keys and will then store them into the FLASH memory.

N

OTE

The Web switch will perform only one session of key/cipher generation at a time.

Thus, an SSH/SCP client will not be able to log in if the switch is performing key generation at
that time, or if another client has logged in immediately prior. Also, key generation will fail if
an SSH/SCP client is logging in at that time.

n

To generate a host key:

n

To generate a server key:

Again, the host and server key are automatically stored in FLASH memory when generated.

N

OTE

For security reasons, the SSHD menu options are available via the console port only

and not via Telnet, SNMP, or the Browser-Based Interface (BBI).

When the switch reboots, it will retrieve the host and server keys from the FLASH memory. If
these two keys are not available in the flash and if the SSH server feature is enabled, the switch
will automatically generate them during the system reboot.

The switch can also automatically regenerate the RSA server key. To set the interval of RSA
server key autogeneration, use this command:

where the number of hours must range between 0–24, and a value of 0 denotes that RSA server
key autogeneration is disabled. When greater than 0, the switch will autogenerate the RSA
server key every specified interval; however, RSA server key generation will be skipped if the
switch is busy doing other key or cipher generation when the timer expires.

>> # /cfg/sys/sshd/

hkeygen

>> # /cfg/sys/sshd/

skeygen

>> # /cfg/sys/sshd/intrval

See also other documents in the category Nortel Networks Hardware: