3Com 5500-EI PWR Install Manual page 829

As different clients may support different public key algorithms, the key pairs negotiated between the
server and clients may be different. Therefore, you need to generate both RSA and DSA key pairs on
the server to ensure that clients can log in to the server successfully.
You can specify an algorithm for publickey authentication as needed.
Generating key pairs
When generating a key pair, you will be prompted to enter the key length in bits, which is between 512
and 2048. The default length is 1024. If the key pair already exists, the system will ask whether to
overwrite it.
Follow these steps to create key pairs:
To do...
Enter system view
Generate an RSA
key pairs
Generate key
pair(s)
Generate a DSA
key pair
The command for generating a key pair can survive a reboot. You only need to configure it once.
It takes more time to encrypt and decrypt data with a longer key, which, however, ensures higher
security. Therefore, specify the length of the key pair accordingly.
For a fabric made up of multiple devices, you need to create the key pairs on the device to ensure
that all devices in the fabric have the same local RSA key pairs.
Some third-party software, for example, WinSCP, requires that the modulo of a public key must be
greater than or equal to 768. Therefore, a local key pair of more than 768 bits is recommended.
Destroying key pairs
The RSA or DSA keys may be exposed, and you may want to destroy the keys and generate new ones.
Follow these steps to destroy key pairs:
To do...
Enter system view
Destroy key Destroy the RSA
pair(s)
key pairs
Use the command...
system-view
public-key local create rsa
public-key local create dsa
Use the command...
system-view
public-key local destroy rsa
1-9
Remarks
—
Required
By default, no key
pairs are generated.
Remarks
—
Optional