Destroying key pairs – H3C Technologies H3C S3600 Series Switches User Manual
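| To do... | Use the command... | Remarks |
|---|---|---|
| Generate key pair(s): generate the RSA key pairs | public-key local create rsa | Required. By default, no key pairs are generated. |
| Generate key pair(s): generate a DSA key pair | public-key local create dsa | Required. By default, no key pairs are generated. |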
- The command for generating a key pair survives a reboot, so you only need to configure it once.
- A longer key takes more time to encrypt and decrypt data but provides higher security. Specify the length of the key pair accordingly.
- For a fabric made up of multiple devices, you need to create the key pairs on the device to ensure that all devices in the fabric have the same local RSA key pairs.
- Some third-party software, for example, WinSCP, requires that the modulus length of a public key be greater than or equal to 768 bits. Therefore, a local key pair of more than 768 bits is recommended.
Destroying key pairs
If the RSA or DSA keys may have been exposed, you may want to destroy the keys and generate new ones.
Follow these steps to destroy key pairs:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Destroy key pair(s): destroy the RSA key pairs | public-key local destroy rsa | Optional |
| Destroy key pair(s): destroy the DSA key pair | public-key local destroy dsa | Optional |
Creating an SSH User and Specifying an Authentication Type
This task creates an SSH user and specifies an authentication type. A new user cannot log in until an authentication type is specified for it.
An SSH user is represented as a set of user attributes on the SSH server. This set is uniquely identified by the SSH username. When a user logs in to the SSH server from the SSH client, a username is required so that the server can look up the database for a matching username. If a match is found, it authenticates the user using the authentication mode specified in the attribute set. If not, it tears down the connection.
To prevent unauthorized users from logging in to the device, SSH supports the password, publickey, and password-publickey authentication modes.