
Generating a DSA or RSA Key Pair, Enabling the SSH Server Function – H3C Technologies H3C S7500E Series Switches User Manual


Task                                   Remarks
Setting the SSH Management Parameters  Optional

Generating a DSA or RSA Key Pair

In the key and algorithm negotiation stage, the DSA or RSA key pair is required to generate the session ID and for the client to authenticate the server.

Follow these steps to generate a DSA or RSA key pair on the SSH server:

To do…                          Use the command…                       Remarks
Enter system view               system-view
Generate a DSA or RSA key pair  public-key local create { dsa | rsa }  Required. By default, there is neither DSA key pair nor RSA key pair.

- For more information about the public-key local create command, see Public Key Configuration Commands in the Security Command Reference.
- It is recommended that you generate both DSA and RSA key pairs on the SSH server to support SSH clients using different types of key pairs.
- The public-key local create rsa command generates two RSA key pairs: a server key pair and a host key pair. Each key pair consists of a public key and a private key. In SSH1, the public key in the server key pair of the SSH server is used to encrypt the session key for secure transmission of the key. Because SSH2.0 uses the DH algorithm to generate the session key on the SSH server and client respectively, no session key transmission is required in SSH2.0 and the server key pair is not used.
- The length of the modulus of RSA server keys and host keys must be in the range 512 to 2048 bits. Some SSH2.0 clients require that the length of the key modulus be at least 768 bits on the SSH server side.
- The public-key local create dsa command generates only the host key pair. SSH1 does not support the DSA algorithm.
- The length of the modulus of DSA host keys must be in the range 512 to 2048 bits. Some SSH2.0 clients require that the length of the key modulus be at least 768 bits on the SSH server side.
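
An added example, not part of the H3C manual: a client-side check that reads the modulus length out of an ssh-rsa or ssh-dss host key line (RFC 4253 wire format, as stored in known_hosts), so that a switch whose host key sits at the low end of the 512 to 2048 bit range can be spotted. The host names, the sample integers and the 2048-bit default threshold are assumptions chosen for illustration.

```python
import base64

# Position of the modulus among the mpints after the type name: ssh-rsa = e, n; ssh-dss = p, q, g, y.
MODULUS_INDEX = {"ssh-rsa": 1, "ssh-dss": 0}

def _read_field(buf, off):
    """Read one length-prefixed field (uint32 length, then body); return (body, next_off)."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def host_key_modulus_bits(line):
    """Return (key_type, modulus_bits) for a known_hosts or .pub style key line."""
    fields = line.split()
    for i, key_type in enumerate(fields[:-1]):
        if key_type in MODULUS_INDEX:
            blob = base64.b64decode(fields[i + 1], validate=True)
            break
    else:
        raise ValueError("no ssh-rsa or ssh-dss key on this line")
    name, off = _read_field(blob, 0)
    if name != key_type.encode():
        raise ValueError("key type inside the blob does not match the line")
    for _ in range(MODULUS_INDEX[key_type] + 1):
        value, off = _read_field(blob, off)
    return key_type, int.from_bytes(value, "big").bit_length()

def audit(line, min_bits=2048):  # min_bits is an assumed site policy, not from the manual
    key_type, bits = host_key_modulus_bits(line)
    return key_type, bits, bits >= min_bits

def _sample_line(host, key_type, *ints):
    """Build a constructed key line; each int is encoded as a minimal mpint."""
    mpints = [n.to_bytes(n.bit_length() // 8 + 1, "big") for n in ints]
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in [key_type.encode()] + mpints)
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"

# Constructed samples: the integers only have the right bit lengths, they are not real keys.
SAMPLES = [
    _sample_line("sw1.example", "ssh-rsa", 65537, (1 << 511) | 1),
    _sample_line("sw2.example", "ssh-rsa", 65537, (1 << 2047) | 1),
    _sample_line("sw3.example", "ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.split()[0], *audit(sample))
```

Passing min_bits=768 instead applies the floor that the note above attributes to some SSH2.0 clients.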

Enabling the SSH Server Function

Follow these steps to enable the SSH server function: