HP FlexNetwork 10500 Series Security Configuration Manual page 239

•
Enter an appropriate key modulus length at the prompt (see
modulus length, the higher the security, the longer the key generation time.
•
If you do not assign the key pair a name, the system assigns the default name to the key pair
and marks the key pair as default. You can also assign the default name to another key pair,
but the system does not mark the key pair as default.
•
The key pair name must be unique among all manually named key pairs that use the same key
algorithm. If a name conflict occurs, the system asks whether you want to overwrite the existing
key pair.
•
The key pairs are automatically saved and can survive system reboots.
Table 17 A comparison of different types of asymmetric key algorithms
Type Number of key pairs
•
In non-FIPS mode:
One host key pair, if you specify a key
pair name.
One server key pair and one host key
pair, if you do not specify a key pair
RSA
name.
Both key pairs use their default names.
•
In FIPS mode: One host key pair.
NOTE:
Only SSH 1.5 uses the RSA server key pair.
DSA One host key pair.
ECDSA One host key pair.
To create a local key pair:
Step
1. Enter system view.
2. Create a local key pair.
Command
system-view
•
In non-FIPS mode:
public-key local create { dsa |
ecdsa [ secp192r1 | secp256r1 |
secp384r1 | secp521r1 ] | rsa }
[ name key-name ]
•
In FIPS mode:
public-key local create { dsa |
ecdsa [ secp256r1 | secp384r1 |
secp521r1 ] | rsa } [ name
key-name ]
225
Table 17). The longer the key
Modulus length
•
In non-FIPS mode: 512 to 2048 bits
and defaults to 1024 bits.
To ensure security, use a minimum
of 768 bits.
•
In FIPS mode: 2048 bits.
•
In non-FIPS mode: 512 to 2048 bits
and defaults to 1024 bits.
To ensure security, use a minimum
of 768 bits.
•
In FIPS mode: 2048 bits.
•
In non-FIPS mode: 192 bits, 256
bits, 384 bits, or 521 bits.
•
In FIPS mode: 256 bits, 384 bits, or
521 bits.
Remarks
N/A
By default, no local key pairs
exist.