Generating local key pairs
In the key and algorithm negotiation stage, the DSA, RSA, or ECDSA key pairs are used to generate the session key and session ID. They can also be used by a client to authenticate the server.
Configuration guidelines
To support SSH clients that use different types of key pairs, generate DSA, RSA, and ECDSA key pairs on the SSH server.
When an SSH user logs in to the switch, RSA key pairs can be automatically generated if no local DSA, RSA, or ECDSA key pairs are configured on the switch.
The public-key local create rsa command generates a server RSA key pair and a host RSA key pair. Each key pair consists of a public key and a private key. In SSH1, the public key of the server key pair on the SSH server encrypts the session key so that the key can be transmitted securely. Because SSH2.0 uses the DH algorithm to generate the session key on both the SSH server and the client, no session key is transmitted in SSH2.0, and the server key pair is not used.
The public-key local create dsa command generates only one DSA host key pair. SSH1 does not support the DSA algorithm.
The public-key local create ecdsa command generates only one ECDSA host key pair.
Configuration procedure
To generate local key pairs on the SSH server:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Generate local key pairs. | public-key local create { dsa \| ecdsa \| rsa } | By default, no local key pairs exist. |
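
After the key pairs are generated, a client-side check can confirm which host key types the SSH server actually presents and how large each key is. The following Python code is an added example, not part of the original guide: it parses lines in the `host keytype base64-blob` form that OpenSSH's ssh-keyscan prints, and the function names, the address 192.0.2.10 and the key bytes in SAMPLE are assumptions constructed for illustration.

```python
import base64

def read_fields(blob):
    """Split an SSH public key blob into its uint32-length-prefixed fields (RFC 4253)."""
    fields, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + size > len(blob):  # also catches a short length prefix
            raise ValueError("truncated key blob")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields

def classify(line):
    """Return (family, size_bits) for one 'host keytype base64-blob' line."""
    _host, name, b64 = line.split()[:3]
    fields = read_fields(base64.b64decode(b64, validate=True))
    if not fields or fields[0] != name.encode():
        raise ValueError("key type label does not match the key blob")
    if name == "ssh-rsa" and len(fields) == 3:                    # name, e, n
        return "RSA", int.from_bytes(fields[2], "big").bit_length()
    if name == "ssh-dss" and len(fields) == 5:                    # name, p, q, g, y
        return "DSA", int.from_bytes(fields[1], "big").bit_length()
    if name.startswith("ecdsa-sha2-nistp") and len(fields) == 3:  # name, curve, Q
        return "ECDSA", int(name[len("ecdsa-sha2-nistp"):])
    raise ValueError("unexpected or malformed host key: " + name)

def audit(scan_text, wanted=("RSA", "DSA", "ECDSA")):
    """Map each key family found to its size; list the wanted families that are absent."""
    found = {}
    for line in scan_text.splitlines():
        if line.strip() and not line.startswith("#"):
            family, bits = classify(line)
            found[family] = bits
    return found, [w for w in wanted if w not in found]

def make_line(host, *fields):  # builds constructed sample lines only
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return "%s %s %s" % (host, fields[0].decode(), base64.b64encode(blob).decode())

# Constructed sample: documentation address, filler bytes instead of real keys, no DSA key.
SAMPLE = "\n".join([
    "# 192.0.2.10:22 (constructed)",
    make_line("192.0.2.10", b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 256),
    make_line("192.0.2.10", b"ecdsa-sha2-nistp256", b"nistp256", b"\x04" + b"\x11" * 64),
])
```

To check a real switch, pass the text that ssh-keyscan returns for that host to `audit()`; a non-empty second return value names the key types that still need to be generated.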