Exporting rsa or dsa key pairs, Destroying rsa or dsa key pairs, Configuring a client public key – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 612

Advertising
background image

64-7

z

Configuration of the rsa local-key-pair create and public-key local create dsa command can
survive a reboot. You only need to configure it once.

z

The length of an RSA server/host key is in the range 512 to 2048 bits. With SSH2, however, some
clients require that the keys generated by the server must not be less than 768 bits.

z

The length of a DSA host key is in the range 512 to 2048 bits. With SSH2, nevertheless, some
clients require that the keys generated by the server must not be less than 768 bits.

Exporting RSA or DSA key pairs

You can display or export the local RSA or DSA host key for setting the host key on the remote end.

Follow these steps to display or export an RSA or DSA host key:

To do…

Use the command…

Remarks

Enter system view

system-view

Display the local RSA host key on the screen in
a specified format, or export it to a specified file

public-key local export rsa
{ openssh | ssh1 | ssh2 }
[ filename ]

Display the local DSA host key on the screen in
a specified format, or export it to a specified file

public-key local export dsa
{ openssh | ssh2 } [ filename ]

Required
Use either command.

Destroying RSA or DSA key pairs

Follow these steps to destroy an RSA or DSA key pair:

To do…

Use the command…

Remarks

Enter system view

system-view

Destroy the local RSA key pair

public-key local destroy

rsa

Destroy the local DSA key pair

public-key local destroy

dsa

Required
Use either command.

Configuring a Client Public Key

This configuration task is only necessary for SSH users using publickey authentication.

For an SSH user that uses publickey authentication to login, the server must be configured with the
client RSA or DSA host public key in advance, and the corresponding private key for the client must be
specified on the client.

You can manually configure or import the publickey public key from a public key file. In the former case,
you can manually copy the client’s public key configuration to the server. In the latter case, the system

Advertising
Popular Brands
Popular manuals