Exporting rsa or dsa key pairs, Destroying rsa or dsa key pairs, Configuring a client public key – H3C Technologies H3C WX6000 Series Access Controllers User Manual
Page 612
64-7
z
Configuration of the rsa local-key-pair create and public-key local create dsa command can
survive a reboot. You only need to configure it once.
z
The length of an RSA server/host key is in the range 512 to 2048 bits. With SSH2, however, some
clients require that the keys generated by the server must not be less than 768 bits.
z
The length of a DSA host key is in the range 512 to 2048 bits. With SSH2, nevertheless, some
clients require that the keys generated by the server must not be less than 768 bits.
Exporting RSA or DSA key pairs
You can display or export the local RSA or DSA host key for setting the host key on the remote end.
Follow these steps to display or export an RSA or DSA host key:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Display the local RSA host key on the screen in
a specified format, or export it to a specified file
public-key local export rsa
{ openssh | ssh1 | ssh2 }
[ filename ]
Display the local DSA host key on the screen in
a specified format, or export it to a specified file
public-key local export dsa
{ openssh | ssh2 } [ filename ]
Required
Use either command.
Destroying RSA or DSA key pairs
Follow these steps to destroy an RSA or DSA key pair:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Destroy the local RSA key pair
public-key local destroy
rsa
Destroy the local DSA key pair
public-key local destroy
dsa
Required
Use either command.
Configuring a Client Public Key
This configuration task is only necessary for SSH users using publickey authentication.
For an SSH user that uses publickey authentication to login, the server must be configured with the
client RSA or DSA host public key in advance, and the corresponding private key for the client must be
specified on the client.
You can manually configure or import the publickey public key from a public key file. In the former case,
you can manually copy the client’s public key configuration to the server. In the latter case, the system