Generating Local Dsa Or Rsa Key Pairs; Enabling The Ssh Server Function - HP 10500 Series Configuration Manual
Security configuration guide
Hide thumbs
Also See for 10500 Series:
- Security configuration manual (596 pages) ,
- Configuration manual (512 pages) ,
- Specifications (42 pages)
Table of Contents
Advertisement
Task
Generating local DSA or RSA key pairs
Enabling the SSH server function
Enabling the SFTP server function
Configuring the user interfaces for SSH clients
Configuring a client's host public key
Configuring an SSH user
Setting the SSH management parameters
Setting the DSCP value for packets sent by the SSH
server
Generating local DSA or RSA key pairs
DSA or RSA key pairs are required for generating the session key and session ID in the key exchange
stage, and can also be used by a client to authenticate the server. When a client tries to communicate
with a server, it compares the public key that it receives from the server with the server public key that it
saved locally. If the keys are consistent, the client uses the public key to authenticate the digital signature
that receives from the server. If the digital signatures are consistent, the authentication succeeds. If the
digital signatures are consistent, the authentication succeeds.
Configuration guidelines
To support SSH clients that use different types of key pairs, generate both DSA and RSA key pairs
•
on the SSH server.
The public-key local create rsa command generates a server RSA key pair and a host RSA key pair.
•
Each of the key pairs consists of a public key and a private key. The public key in the server key pair
of the SSH server is used in SSH1 to encrypt the session key for secure transmission of the key. As
SSH2 uses the DH algorithm to generate the session key on the SSH server and client respectively,
no session key transmission is required in SSH2 and the server key pair is not used.
The public-key local create dsa command generates only the host key pair.
•
•
SSH1 does not support the DSA algorithm.
Configuration procedure
To generate local DSA or RSA key pairs on the SSH server:
Step
1.
Enter system view.
2.
Generate DSA or RSA key
pairs.
Enabling the SSH server function
The SSH server function on the device allows clients to communicate with the device through SSH.
Remarks
Required.
Required for Stelnet, SFTP, and SCP servers.
Required only for SFTP server.
Required.
Required if publickey authentication is configured for
users and the clients directly send the public keys to
the server for validity check.
Required for publickey authentication users and
optional for other authentication users.
Optional.
Optional.
Command
system-view
public-key local create { dsa | rsa }
203
Remarks
N/A
By default, neither DSA key pair
nor RSA key pairs exist.
Advertisement
Table of Contents
Troubleshooting
