Configuring Key Lengths; Providing The Switch's Public Key To Clients - HP ProCurve 2910al Access Security Manual


Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
Notes

hosts file, note that the formatting and comments need not match. For version
1 keys, the three numeric values bit size, exponent <e>, and modulus <n> must
match; for PEM keys, only the PEM-encoded string itself must match.

"Zeroizing" the switch's key automatically disables SSH (sets ip ssh to no).
Thus, if you zeroize the key and then generate a new key, you must also
re-enable SSH with the ip ssh command before the switch can resume SSH
operation.

Configuring Key Lengths

The crypto key generate ssh command allows you to specify the type and length
of the generated host key. The size of the host key is platform-dependent as
different switches have different amounts of processing power. The size is
represented by the <keysize> parameter and has the values shown in
Table 7-2. The default value is used if keysize is not specified.

Table 7-2. RSA/DSA Values for Various ProCurve Switches

| Platform                 | Maximum RSA Key Size (in bits)  | DSA Key Size (in bits) |
|--------------------------|---------------------------------|------------------------|
| 5400/3500/6200/8200/2910 | 1024, 2048, 3072; Default: 2048 | 1024                   |
| 4200/2900/2810/2610/2510 | 1024, 2048; Default: 2048       | 1024                   |
| 5300/2800/3400/2600      | 896                             | 512                    |

3. Providing the Switch's Public Key to Clients

When an SSH client contacts the switch for the first time, the client will
challenge the connection unless you have already copied the key into the
client's "known host" file. Copying the switch's key in this way reduces the
chance that an unauthorized device can pose as the switch to learn your access
passwords. The most secure way to acquire the switch's public key for
distribution to clients is to use a direct, serial connection between the switch
and a management device (laptop, PC, or UNIX workstation), as described
below.
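The matching rule in the notes above (bit size, exponent and modulus for version 1 keys; only the encoded string for PEM keys) can be checked mechanically when comparing a key captured over the serial connection with a client's known-hosts entry. The following Python sketch is an added example, not part of the HP manual; the function names, the sample entries and the assumption that each key sits on a single line with an `ssh-rsa` or `ssh-dss` type field before the encoded string are all illustrative.

```python
import base64
import binascii

def canonical_key(entry: str):
    """Reduce one public-key line to the part that has to match.

    Returns ("v1", bits, e, n) for a version 1 key or ("pem", encoded_string)
    for an encoded key. A leading host field, a trailing comment and any
    differences in spacing are ignored.
    """
    fields = entry.split()
    # Version 1: the first run of three decimal fields is <bits> <e> <n>.
    for i in range(len(fields) - 2):
        triple = fields[i:i + 3]
        if all(f.isdigit() for f in triple):
            return ("v1",) + tuple(int(f) for f in triple)
    # Encoded key: the field after the key type is the string to compare.
    for i, field in enumerate(fields[:-1]):
        if field in ("ssh-rsa", "ssh-dss"):
            blob = fields[i + 1]
            try:
                base64.b64decode(blob, validate=True)  # reject damaged copies
            except binascii.Error:
                break
            return ("pem", blob)
    raise ValueError("no recognisable public key in entry")

def same_host_key(from_switch: str, from_known_hosts: str) -> bool:
    """True when both lines carry the same host key."""
    return canonical_key(from_switch) == canonical_key(from_known_hosts)

# Constructed sample data (not real keys; the modulus is shortened).
SAMPLE_BLOB = base64.b64encode(
    b"\x00\x00\x00\x07ssh-rsa" + b"constructed-sample-key").decode()
SERIAL_V1 = "1024 35 98765432123456789 switch-console"
HOSTS_V1 = "192.0.2.10   1024 35 98765432123456789"
SERIAL_PEM = f"ssh-rsa {SAMPLE_BLOB} captured-over-serial"
HOSTS_PEM = f"switch1,192.0.2.10 ssh-rsa {SAMPLE_BLOB}"

if __name__ == "__main__":
    print("v1 match: ", same_host_key(SERIAL_V1, HOSTS_V1))
    print("pem match:", same_host_key(SERIAL_PEM, HOSTS_PEM))
    # A single changed digit in the modulus must be reported as a mismatch.
    print("tampered: ", same_host_key(SERIAL_V1, HOSTS_V1[:-1] + "0"))
```

A mismatch means the client's stored entry does not belong to the key read from the console and should be replaced from the serial capture, not accepted from the network prompt.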
