Справочник Пользователя для IBM Partner Pavilion BMD00082

BMD00082, February 2009

Chapter 6: Configuring Switch Access  

„

  83

Generating RSA Host and Server Keys for SSH Access

To support the SSH server feature, two sets of RSA keys (host and server keys) are required. 
The host key is 1024 bits and is used to identify the SmartConnect. The server key is 768 bits 
and is used to make it impossible to decipher a captured session by breaking into the Smart-
Connect at a later time.

When the SSH server is first enabled and applied, the SmartConnect automatically generates 
the RSA host and server keys and is stored in the FLASH memory.

To configure RSA host and server keys, first connect to the switch through the management 
system or external Telnet connection, and enter the following commands to generate them 
manually.

These two commands take effect immediately without the need of an apply command.

When the switch reboots, it retrieves the host and server keys from the FLASH memory. If 
these two keys are not available in the flash and if the SSH server feature is enabled, the switch 
automatically generates them during the system reboot. This process may take several minutes 
to complete.

The switch also can regenerate the RSA server key. To set the interval of RSA server key auto-
generation, use this command:

A value of 0 (zero) denotes that RSA server key autogeneration is disabled. When greater 
than 0, the switch automatically generates the RSA server key every specified interval; how-
ever, RSA server key generation is skipped if the switch is busy doing other key or cipher gen-
eration when the timer expires.

The SmartConnect performs only one session of key/cipher generation at a time. Thus, 

a SSH/SCP client will not be able to log in if the switch is performing key generation at that 
time, or if another client has logged in immediately prior. Also, key generation will fail if a 
SSH/SCP client is logging in at that time.

>> # 

>> # 

>> #