3Com 5500-EI PWR Installation Instructions
As different clients may support different public key algorithms, the key pairs negotiated between the
server and clients may be different. Therefore, you need to generate both RSA and DSA key pairs on
the server to ensure that clients can log in to the server successfully.
You can specify an algorithm for publickey authentication as needed.
Generating key pairs
When generating a key pair, you will be prompted to enter the key length in bits, which is between 512
and 2048. The default length is 1024. If the key pair already exists, the system will ask whether to
overwrite it.
Follow these steps to create key pairs:
To do...                       Use the command...             Remarks
Enter system view              system-view                    —
Generate key pair(s):                                         Required. By default, no key pairs are generated.
  Generate the RSA key pairs   public-key local create rsa
  Generate a DSA key pair      public-key local create dsa
- The command for generating a key pair can survive a reboot. You only need to configure it once.
- It takes more time to encrypt and decrypt data with a longer key, which, however, ensures higher
  security. Therefore, specify the length of the key pair accordingly.
- For a fabric made up of multiple devices, you need to create the key pairs on the device to ensure
  that all devices in the fabric have the same local RSA key pairs.
- Some third-party software, for example, WinSCP, requires that the modulus of a public key must be
  greater than or equal to 768. Therefore, a local key pair of more than 768 bits is recommended.
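The following added example (not part of the 3Com manual) shows one way to check the modulus length of a host public key against the 768-bit client requirement mentioned above. It assumes the key has been obtained in OpenSSH one-line form ("ssh-rsa <base64>" or "ssh-dss <base64>"); all function names are hypothetical, and the sample keys are constructed integers, not real key pairs.

```python
import base64
import struct

WINSCP_MIN_BITS = 768  # client-side minimum quoted in the note above

def field(data):
    """Encode one SSH wire-format field: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def mpint(value):
    """Encode a positive integer as an SSH mpint (leading 0x00 keeps it positive)."""
    return field(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def read_field(buf, off):
    """Decode one length-prefixed field, rejecting truncated input."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field body")
    return buf[off + 4:end], end

def key_bits(line):
    """Return (algorithm, bits) for an ssh-rsa or ssh-dss public key line."""
    fields = line.split()
    blob = base64.b64decode(fields[1], validate=True)
    name, off = read_field(blob, 0)
    if name != fields[0].encode():
        raise ValueError("algorithm name does not match key blob")
    if name == b"ssh-rsa":        # blob holds e, n: skip e, measure modulus n
        _, off = read_field(blob, off)
    elif name != b"ssh-dss":      # ssh-dss blob holds p, q, g, y: measure p
        raise ValueError("unsupported algorithm")
    num, _ = read_field(blob, off)
    return fields[0], int.from_bytes(num, "big").bit_length()

def audit(line):
    """Return (algorithm, bits, meets_768_bit_requirement)."""
    algo, bits = key_bits(line)
    return algo, bits, bits >= WINSCP_MIN_BITS

def make_sample(algo, bits):
    """Constructed sample input: an odd integer of the given size, NOT a real key."""
    n = (1 << (bits - 1)) | 1
    nums = [65537, n] if algo == "ssh-rsa" else [n, 3, 2, 5]
    blob = field(algo.encode()) + b"".join(mpint(v) for v in nums)
    return algo + " " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    for algo, bits in (("ssh-rsa", 512), ("ssh-rsa", 1024), ("ssh-dss", 1024)):
        print(audit(make_sample(algo, bits)))
```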
Destroying key pairs
The RSA or DSA keys may be exposed, and you may want to destroy the keys and generate new ones.
Follow these steps to destroy key pairs:
To do...                       Use the command...             Remarks
Enter system view              system-view                    —
Destroy key pair(s):
  Destroy the RSA key pairs    public-key local destroy rsa   Optional