Generating Local Key Pairs; Enabling The Stelnet Server - HPE FlexNetwork 5510 HI Series Security Configuration Manual


Generating local key pairs

The DSA, ECDSA, or RSA key pairs are required for generating the session keys and session ID in the key exchange stage. They can also be used by a client to authenticate the server. When a client authenticates the server, it compares the public key received from the server with the server's public key that the client saved locally. If the keys are consistent, the client uses the locally saved server's public key to decrypt the digital signature received from the server. If the decryption succeeds, the server passes the authentication.

When you execute any one of the SSH commands on the device to trigger the running of the SSH application, the SSH server automatically generates two RSA key pairs. You can also use the public-key local create command to generate DSA, ECDSA, or RSA key pairs on the device.
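
The comparison step described above, as an added example that is not from the HPE manual: a client-side check that parses a server host key blob in the SSH wire format (RFC 4253, RFC 5656), reports its algorithm and size, and accepts it only if it equals the locally saved key. The sample blobs are constructed from arbitrary integers, the function names are this example's own, and the signature check that follows a match is not shown.

```python
import base64
import hashlib

def ssh_string(data):  # length-prefixed string, RFC 4251
    return len(data).to_bytes(4, "big") + data
def mpint(value):  # positive mpint; the extra byte keeps the sign bit clear
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def read_fields(blob):
    """Split a public key blob into its length-prefixed fields."""
    fields, offset = [], 0
    while offset < len(blob):
        length = int.from_bytes(blob[offset:offset + 4], "big")
        offset += 4
        if offset + length > len(blob):
            raise ValueError("truncated or malformed key blob")
        fields.append(blob[offset:offset + length])
        offset += length
    return fields

def describe(blob):
    """Return (algorithm, size in bits) for an RSA, DSA or ECDSA host key."""
    fields = read_fields(blob)
    algo = fields[0].decode("ascii")
    if algo == "ssh-rsa":                 # fields: name, e, n
        return algo, int.from_bytes(fields[2], "big").bit_length()
    if algo == "ssh-dss":                 # fields: name, p, q, g, y
        return algo, int.from_bytes(fields[1], "big").bit_length()
    if algo.startswith("ecdsa-sha2-"):    # fields: name, curve, Q
        return algo, {"nistp256": 256, "nistp384": 384}[fields[1].decode("ascii")]
    raise ValueError("unsupported host key type: " + algo)

def fingerprint(blob):
    """SHA-256 fingerprint in the form OpenSSH displays."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def verify_server(saved, presented):
    """Comparison step: accept only if the presented key equals the saved one."""
    if saved != presented:  # public keys are not secret, plain comparison is fine
        return "REJECT: presented " + fingerprint(presented) + " != saved " + fingerprint(saved)
    algo, bits = describe(presented)
    return "OK: %s %d bits %s" % (algo, bits, fingerprint(presented))

# Constructed sample blobs (arbitrary integers, not real keys).
SAVED = ssh_string(b"ssh-rsa") + mpint(65537) + mpint((1 << 2047) | 12345)
OTHER = ssh_string(b"ssh-rsa") + mpint(65537) + mpint((1 << 2047) | 54321)

if __name__ == "__main__":
    print(verify_server(SAVED, SAVED), verify_server(SAVED, OTHER), sep="\n")
```

A rejected key means the server presented something other than what was saved, for example after the key pairs were regenerated on the device, and should be investigated before the saved copy is replaced.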

Configuration guidelines

When you use the public-key local create command to generate local key pairs, follow these restrictions and guidelines:

• Local DSA, ECDSA, and RSA key pairs for SSH use default names. You cannot assign names to the key pairs.
• To support SSH clients that use different types of key pairs, generate DSA, ECDSA, and RSA key pairs on the SSH server.
• The SSH server operating in FIPS mode supports only ECDSA and RSA key pairs. If both ECDSA and RSA key pairs exist on the server, the server uses the ECDSA key pair.
• The public-key local create rsa command generates a server key pair and a host key pair for RSA. In SSH1, the public key in the server key pair is used to encrypt the session key for secure transmission of the session key. Because SSH2 uses the DH algorithm to generate each session key on the SSH server and the client, no session key transmission is required. The server key pair is not used in SSH2.
• The public-key local create dsa command generates only a DSA host key pair. SSH1 does not support the DSA algorithm.
• The key modulus length must be less than 2048 bits when you use the public-key local create dsa command on the SSH server.
• The public-key local create ecdsa command generates only an ECDSA host key pair. SSH1 does not support the ECDSA algorithm.

Configuration procedure

To generate local key pairs on the SSH server:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Generate local key pairs.
  Command:
    In Release 1111:
      public-key local create { dsa | rsa }
    In Release 1121 and later:
      public-key local create { dsa | ecdsa { secp256r1 | secp384r1 } | rsa }
  Remarks: By default, no local key pairs exist.

Enabling the Stelnet server

After you enable the Stelnet server on the device, a client can log in to the device through Stelnet.
To enable the Stelnet server:
