HPE FlexNetwork 5510 HI Series Security Configuration Manual page 231

•
If you do not assign the key pair a name, the system assigns the default name to the key pair
and marks the key pair as default. You can also assign the default name to another key pair, but
the system does not mark the key pair as default. The name of a key pair must be unique
among all manually named key pairs that use the same key algorithm. If a name conflict occurs,
the system asks whether you want to overwrite the existing key pair.
•
The key pairs are automatically saved and can survive system reboots.
Table 18 A comparison of different types of key algorithms
Type Number of key pairs
•
In non-FIPS mode:
One host key pair, if you specify a key pair name.

One server key pair and one host key pair, if you

do
RSA
Both key pairs use their default names.
•
In FIPS mode: One host key pair.
NOTE:
Only SSH 1.5 uses the RSA server key pair.
DSA One host key pair.
ECDSA One host key pair.
To create a local key pair:
Step
1. Enter system view.
2. Create a local key pair.
not specify a key
Command
system-view
In Release
public-key local create { dsa |
ecdsa | rsa } [ name key-name ]
In Release 1121 and later:
•
In non-FIPS
public-key
{ dsa | ecdsa [ secp192r1 |
secp256r1 | secp384r1 |
secp521r1 ] | rsa } [ name
key-name ]
•
In
public-key
{ dsa | ecdsa [ secp256r1 |
secp384r1 | secp521r1 ] |
rsa } [ name key-name ]
218
Modulus length
•
pair name.
•
•
•
•
•
Remarks
N/A
1111:
mode:
local create
By default, no local key pairs exist.
FIPS mode:
local create
In non-FIPS mode: 512 to
2048 bits, 1024 bits by
default.
To ensure security, use a
minimum of 768 bits.
In FIPS mode: 2048 bits.
In non-FIPS mode: 512 to
2048 bits, 1024 bits by
default.
To ensure security, use a
minimum of 768 bits.
In FIPS mode: 2048 bits.
In Release 1111: 192 bits.
In Release 1121 and later:
In non-FIPS mode: 192

bits, 256 bits, 384 bits, or
521 bits.
In FIPS mode: 256 bits,

384 bits, or 521 bits.