Key algorithm types ············································································································································ 179

Asymmetric key algorithm applications ············································································································ 179

Configuring the local asymmetric key pair ··············································································································· 180

Creating an asymmetric key pair ······················································································································ 180

Displaying or exporting the local RSA or DSA host public key ····································································· 180

Destroying an asymmetric key pair ··················································································································· 181

Configuring a peer public key ···································································································································· 181

Displaying and maintaining public keys ··················································································································· 182

Public key configuration examples ····························································································································· 182

Configuring a peer public key manually ·········································································································· 182

Importing a peer public key from a public key file·························································································· 184

PKI configuration ························································································································································· 187

PKI overview ································································································································································· 187

PKI terms ······························································································································································· 187

PKI architecture ···················································································································································· 188

PKI applications ··················································································································································· 188

How does PKI work ············································································································································· 189

PKI configuration task list ············································································································································ 189

Configuring an entity DN ············································································································································ 190

Configuring a PKI domain ·········································································································································· 191

Submitting a PKI certificate request ···························································································································· 192

Submitting a certificate request in auto mode ·································································································· 193

Submitting a certificate request in manual mode ····························································································· 193

Retrieving a certificate manually ································································································································ 194

Configuring PKI certificate verification ······················································································································ 195

Destroying a local RSA key pair ································································································································ 196

Deleting a certificate ···················································································································································· 196

Configuring an access control policy ························································································································ 197

Displaying and maintaining PKI ································································································································· 197

PKI configuration examples ········································································································································· 198

Requesting a certificate from a CA running RSA Keon ··················································································· 198

Requesting a certificate from a CA running Windows 2003 Server ···························································· 201

Configuring a certificate attribute-based access control policy ····································································· 204

Troubleshooting PKI ····················································································································································· 206

Failed to retrieve a CA certificate ····················································································································· 206

Failed to request a local certificate ··················································································································· 206

Failed to retrieve CRLs ········································································································································ 207

SSH2.0 configuration ················································································································································· 208

SSH2.0 overview ························································································································································· 208

Introduction to SSH2.0 ······································································································································· 208

How does SSH work ··········································································································································· 208

Configuring the device as an SSH server ················································································································· 210

SSH server configuration task list ······················································································································ 210

Generating a DSA or RSA key pair ·················································································································· 211

Enabling the SSH server function ······················································································································ 211

Configuring the user interfaces for SSH clients ································································································ 212

Configuring a client public key ·························································································································· 212

Configuring an SSH user ···································································································································· 213

Setting the SSH management parameters ········································································································ 214

Configuring the device as an SSH client ··················································································································· 215

SSH client configuration task list ························································································································ 215

Specifying a source IP address/interface for the SSH client ·········································································· 215

Configuring whether first-time authentication is supported ············································································· 216

Establishing a connection between the SSH client and server ······································································· 217

vii

Table of Contents