H3C S5500-EI series Operation Manual page 1362

Operation Manual – SSH
H3C S5500-EI Series Ethernet Switches
Caution:
Configuration of the rsa local-key-pair create and public-key local create dsa
command can survive a reboot. You only need to configure it once.
The length of an RSA server/host key is in the range 512 to 2048 bits. With SSH2,
however, some clients require that the keys generated by the server must not be
less than 768 bits.
The length of a DSA host key is in the range 512 to 2048 bits. With SSH2,
nevertheless, some clients require that the keys generated by the server must not
be less than 768 bits.
II. Exporting RSA or DSA key pairs
You can display or export the local RSA or DSA host key for setting the host key on the
remote end.
Follow these steps to display or export an RSA or DSA host key:
Enter system view
Display the local RSA host key on
the screen in a specified format, or
export it to a specified file
Display the local DSA host key on
the screen in a specified format, or
export it to a specified file
III. Destroying RSA or DSA key pairs
Follow these steps to destroy an RSA or DSA key pair:
Enter system view
Destroy the local RSA key
pair
Destroy the local DSA key
pair
To do...
To do...
system-view
public-key local destroy
rsa
public-key local destroy
dsa
Use the command...
system-view
public-key local export
rsa { openssh | ssh1 |
ssh2 } [ filename ]
public-key local export
dsa { openssh | ssh2 }
[ filename ]
Use the command...
1-8
Chapter 1 SSH Configuration
Remarks
—
Required
Use either
command.
Remarks
—
Required
Use either command.