Table of Contents
Advertisement
Command Mode
Global Configuration mode
User Guidelines
DSA keys are generated in pairs: one public DSA key and one private DSA
key. These keys are used the encrypt communication with the switch when
using SSH or HTTPS. If your switch already has DSA keys when you issue this
command, you are warned and prompted to replace the existing keys. Existing
certificates generated from the previous keys will be invalidated.The keys are
not saved in the switch configuration; they are saved in the file system and
the private key is never displayed to the user. DSA keys, along with other
switch credentials, are distributed to all units in a stack on a configuration
save.
Use the crypto key zeroize dsa command to remove the DSA key pair from
the system.
Private keys should never be shared with unauthorized users. This command
generates the following private/public key pair in the ssh_host_dsa_key and
ssh_host_dsa_key.pub files. Both the RSA and DSA keys must be generated to
enable the SSH server.
Example
The following example generates DSA key pairs.
console(config)#crypto key generate dsa
crypto key generate rsa
Use the crypto key generate rsa command in Global Configuration mode to
generate RSA key pairs for use by the SSH or HTTPS server. Use the crypto
key zeroize form of the command to delete the private key from the local file
system.
Syntax
crypto key generate rsa
Default Configuration
RSA key pairs do not exist.
1064
Security Commands
Advertisement
Table of Contents
