Ii. generating or destroying local rsa key pair, Section “generating, Or destroying local – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – SSH Terminal Service

H3C S3100-52P Ethernet Switch

Chapter 1 SSH Terminal Service

1-5

Caution:

z

If you have configured a user interface to support SSH protocol, to ensure a
successful login to the user interface, you must configure AAA authentication for the
user interface by using the authentication-mode scheme command.

z

For a user interface, if you have executed the authentication-mode password or
authentication-mode none

command, the protocol inbound ssh command

cannot be executed; if you have executed the protocol inbound ssh command,
neither of the authentication-mode password and authentication-mode none
commands can be executed.

II. Generating or destroying local RSA key pair

This configuration task is used to generate or destroy an RSA key pair on the server,
which is named in the format of switch name plus "_Host", for example, H3C_host.
After you issue the rsa local-key-pair create command, the system prompts you to
input a key length.
In SSH2.0, the key length is in the range of 512 to 2,048 (bits).

Table 1-3

Generate or destroy local RSA key pair

Operation

Command

Description

Enter system view

system-view

—

Generate local RSA key pair

rsa local-key-pair create

Required

Destroy local RSA key pair

rsa local-key-pair destroy

Optional

Caution:

z

For a successful SSH login, you must first generate the RSA key pair of the server.

z

You just need to execute the rsa local-key-pair create command once, and need
not execute the command again after the system is rebooted.

z

If you re-execute the rsa local-key-pair create command, the system will ask
whether you want to replace the original key pair with a new one.