Table of Contents
Advertisement
crypto key dsa
This command generates the Digital Signature Algorithm (DSA) type host key pair (private and
public) as well as displays the public key. A unique set of host keys are created each time the XSR
reboots but we recommend you generate a new pair of host keys when you believe security may
be compromised.
The master encryption key is used to encrypt the keys before being saved in the hostkey.dat file in
Flash. Access to this file is restricted and it cannot be read or copied. All SSH connection requests
use the host keys stored in the hostkey.dat file unless none have been generated or the content of
the file is corrupted. In those circumstances, default keys are used to secure the connection.
Additional host key behavior is described as follows:
•
If you have not generated a master encryption key before using SSH, the XSR will prompt you
with the
•
One to three minutes will elapse while host keys are generated by
depending on the device load at the time.
•
SSH accepts no new connections during host key generation.
•
The command is ignored if stored in the startup‐config file.
•
If the master key is changed, you are not required to generate a new DSA key pair.
•
If you remove the master key, the DSA key pair is removed as well (hostkey.dat is deleted).
Syntax
crypto key dsa {generate | remove | show}
generate
remove
show
Mode
Global configuration:
Example
The following example generates a new pair of keys:
XSR(config)#crypto key dsa generate
disable
This command exits from Privileged EXEC to EXEC mode.
Syntax
disable
Mode
Privileged EXEC:
crypto key master generate
Produce new key pairs.
Delete old key pair.
Display public portion of host key pairs.
XSR(config)#
XSR#
General Network Management Commands
command.
crypto key dsa
,
XSR CLI Reference Guide 1-3
Advertisement
Table of Contents
