Configuring Key Lengths; Providing The Switch's Public Key To Clients - HP ProCurve 6120G/XG Manual

Notes
"Zeroizing" the switch's key automatically disables SSH (sets ip ssh to no).
Thus, if you zeroize the key and then generate a new key, you must also re-
enable SSH with the ip ssh command before the switch can resume SSH
operation.

Configuring Key Lengths

The crypto key generate ssh command allows you to specify the type and length
of the generated host key. The size of the host key is platform-dependent as
different switches have different amounts of processing power. The size is
represented by the <keysize> parameter and has the values shown in
Table 7-2. The default value is used if keysize is not specified.
Table 7-2. RSA/DSA Values
Platform
2610

3. Providing the Switch's Public Key to Clients

When an SSH client contacts the switch for the first time, the client will
challenge the connection unless you have already copied the key into the
client's "known host" file. Copying the switch's key in this way reduces the
chance that an unauthorized device can pose as the switch to learn your access
passwords. The most secure way to acquire the switch's public key for
distribution to clients is to use a direct, serial connection between the switch
and a management device (laptop, PC, or UNIX workstation), as described
below.
The public key generated by the switch consists of three parts, separated by
one blank space each:
Exponent <e>
Bit Size
896 35 427199470766077426366625060579924214851527933248752021855126493
2934075407047828604329304580321402733049991670046707698543529734853020
0176777055355544556880992231580238056056245444224389955500310200336191
3610469786020092436232649374294060627777506601747146563337525446401
Figure 7-6. Example of a Public Key Generated by the Switch
Maximum RSA Key Size (in bits)
3072
Default: 1024
Modulus <n>
Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
DSA Key Size (in bits)
1024
7-13