Configuring port security, Overview, Creating a local key pair – H3C Technologies H3C S12500-X Series Switches User Manual
Creating a local key pair
Configuration guidelines
When you create a local key pair, follow these guidelines:
• The key algorithm must be the same as required by the security application.
• The key modulus length must be appropriate (see Table 8). The longer the key modulus length, the higher the security, the longer the key generation time.
• If you do not assign the key pair a name, the system assigns the default name to the key pair and marks the key pair as default. You can also assign the default name to another key pair, but the system does not mark the key pair as default.
• The name of a key pair must be unique among all manually named key pairs that use the same key algorithm, but can be the same as a key pair that uses a different key algorithm. If a name conflict occurs, the system asks whether you want to overwrite the existing key pair.
• The key pairs are automatically saved and can survive system reboots.
Table 8 A comparison of different types of asymmetric key algorithms

Type: RSA
Number of key pairs:
• In non-FIPS mode:
  ◦ If you specify the key pair name, the command creates a host key pair.
  ◦ If you do not specify the key pair name, the command creates one server key pair and one host key pair, and both key pairs use their default names.
• In FIPS mode: If you do not specify a key pair name, the command creates a host key pair with the default name.
Modulus length:
• In non-FIPS mode: The value range is 512 to 2048 and the default is 1024, in bits.
• In FIPS mode: 2048 bits
H3C recommendation: At least 768 bits

Type: DSA
Number of key pairs: The command only creates one host key pair.
Modulus length:
• In non-FIPS mode: 512 to 2048 bits, 1024 by default
• In FIPS mode: 2048 bits
H3C recommendation: At least 768 bits

Type: ECDSA
Number of key pairs: The command only creates one host key pair.
Modulus length: 192 bits
H3C recommendation: N/A

NOTE:
Only SSH 1.5 uses the RSA server key pair.
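
The following Python model is an added example, not H3C code or part of the manual: it applies the naming guidelines and Table 8 to a create request, showing which key pairs result and which stored pairs fall below the recommended modulus. Assumptions: the default names are placeholders (this page does not state them), a named key pair in FIPS mode is a host key pair, and the RSA server key pair takes the same modulus as the host key pair.

```python
from dataclasses import dataclass

# Table 8 modulus rules in bits: (algorithm, fips_mode) -> (min, max, default).
MODULUS = {
    ("rsa", False): (512, 2048, 1024), ("rsa", True): (2048, 2048, 2048),
    ("dsa", False): (512, 2048, 1024), ("dsa", True): (2048, 2048, 2048),
    ("ecdsa", False): (192, 192, 192), ("ecdsa", True): (192, 192, 192),
}
RECOMMENDED_MIN = {"rsa": 768, "dsa": 768}  # "H3C recommendation" column; N/A for ECDSA
# Placeholders (assumption): the page does not state the actual default names.
DEFAULT_HOST, DEFAULT_SERVER = "<default-host-name>", "<default-server-name>"

class NameConflict(Exception):
    """Raised where the device would ask whether to overwrite the existing key pair."""

@dataclass(frozen=True)
class KeyPair:
    algorithm: str
    name: str
    role: str         # "host" or "server"
    modulus: int
    is_default: bool  # True only when the system assigned the name

def create(store, algorithm, fips, name=None, modulus=None, overwrite=False):
    """Apply the guidelines to one create request; return the key pairs created."""
    low, high, default = MODULUS[(algorithm, fips)]
    bits = default if modulus is None else modulus
    if not low <= bits <= high:
        raise ValueError(f"{algorithm} modulus {bits} outside {low}-{high} bits")
    if name is not None:
        # Uniqueness applies among manually named pairs of the same algorithm only,
        # so a manual pair may reuse the default name without being marked default.
        if (algorithm, name, False) in store and not overwrite:
            raise NameConflict(name)
        pairs = [KeyPair(algorithm, name, "host", bits, False)]
    else:
        pairs = [KeyPair(algorithm, DEFAULT_HOST, "host", bits, True)]
        if algorithm == "rsa" and not fips:
            # Unnamed non-FIPS RSA also creates a server pair (same modulus: assumption).
            pairs.append(KeyPair(algorithm, DEFAULT_SERVER, "server", bits, True))
    for p in pairs:
        store[(p.algorithm, p.name, p.is_default)] = p
    return pairs

def below_recommendation(store):
    """Return stored key pairs whose modulus is under the Table 8 recommendation."""
    return [p for p in store.values()
            if p.modulus < RECOMMENDED_MIN.get(p.algorithm, 0)]
```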
Configuration procedure
To create a local key pair: