HPE Moonshot 45Gc Security Configuration Manual page 230

•
If you do not assign the key pair a name, the system assigns the default name to the key pair
and marks the key pair as default. You can also assign the default name to another key pair,
but the system does not mark the key pair as default. The name of a key pair must be unique
among all manually named key pairs that use the same key algorithm. If a name conflict occurs,
the system asks whether you want to overwrite the existing key pair.
•
The key pairs are automatically saved and can survive system reboots.
Table 18 A comparison of different types of asymmetric key algorithms
Type Generated key pairs
•
RSA
•
NOTE:
Only SSH 1.5 uses the RSA server key pair.
DSA One host key pair.
ECDSA One host key pair.
To create a local key pair:
Step
1. Enter system view.
2. Create a local key pair.
In non-FIPS mode:
One host key pair, if you specify a
key pair name.
One server key pair and one host
key pair, if you do not specify a key
pair name.
Both key pairs use their default
names.
In FIPS mode: One host key pair.
Command
system-view
•
In non-FIPS mode:
public-key local create
{ dsa | ecdsa { secp192r1 |
secp256r1 | secp384r1 |
secp521r1 } | rsa } [ name
key-name ]
•
In FIPS mode:
public-key local create
{ dsa | ecdsa { secp256r1 |
217
Modulus length
•
In non-FIPS mode: 512 to 2048 bits,
1024 bits by default.
To ensure security, use a minimum of
768 bits.
•
In FIPS mode: 2048 bits.
•
In non-FIPS mode: 512 to 2048 bits,
1024 bits by default.
To ensure security, use a minimum of
768 bits.
•
In FIPS mode: 2048 bits.
•
In non-FIPS mode: 192 bits, 256
bits, 384 bits, or 521 bits.
The default is 192 bits.
•
In FIPS mode: 256 bits, 384 bits, or
521 bits.
The default is 256 bits.
Remarks
N/A
By default, no local key pairs exist.