1112
C
88: SSH C
HAPTER
c
Configuring a Client
Public Key
n
ONFIGURATION
To do...
Enter system view
Create the local RSA key pair
Create the local DSA key pair public-key local create dsa
CAUTION:
Configuration of the rsa local-key-pair create and public-key local create
■
dsa command can survive a reboot. You only need to configure it once.
The length of an RSA server/host key is in the range 512 to 2048 bits. With
■
SSH2, however, some clients require that the keys generated by the server
must not be less than 768 bits.
The length of a DSA host key is in the range 512 to 2048 bits. With SSH2,
■
nevertheless, some clients require that the keys generated by the server must
not be less than 768 bits.
Exporting RSA or DSA key pairs
You can display or export the local RSA or DSA host key for setting the host key on
the remote end.
Follow these steps to display or export an RSA or DSA host key:
To do...
Enter system view
Display the local RSA host key on the
screen in a specified format, or export it
to a specified file
Display the local DSA host key on the
screen in a specified format, or export it
to a specified file
Destroying RSA or DSA key pairs
Follow these steps to destroy an RSA or DSA key pair:
To do...
Enter system view
Destroy the local RSA key pair public-key local destroy rsa Required
Destroy the local DSA key pair public-key local destroy
This configuration task is only necessary for SSH users using publickey
authentication.
Use the command...
system-view
public-key local create rsa Required
Use the command...
system-view
public-key local export rsa
{ openssh | ssh1 | ssh2 }
[ filename ]
public-key local export dsa
{ openssh | ssh2 } [ filename ]
Use the command...
system-view
dsa
Remarks
-
Use either command.
By default, there is neither RSA
key pair nor DSA key pair.
Remarks
-
Required
Use either
command.
Remarks
-
Use either command.