1-9
To do... Use the command... Remarks
Generate an RSA
key pairs
public-key local create rsa
Generate key
pair(s)
Generate a DSA
key pair
public-key local create dsa
Required
By default, no key
pairs are generated.
z The command for generating a key pair can survive a reboot. You only need to configure it once.
z It takes more time to encrypt and decrypt data with a longer key, which, however, ensures higher
security. Therefore, specify the length of the key pair accordingly.
z Some third-party software, for example, WinSCP, requires that the modulo of a public key must be
greater than or equal to 768. Therefore, a local key pair of more than 768 bits is recommended.
Destroying key pairs
The RSA or DSA keys may be exposed, and you may want to destroy the keys and generate new ones.
Follow these steps to destroy key pairs:
To do… Use the command… Remarks
Enter system view
system-view
—
Destroy the RSA
key pairs
public-key local destroy rsa
Destroy key
pair(s)
Destroy the DSA
key pair
public-key local destroy dsa
Optional
Creating an SSH User and Specifying an Authentication Type
This task is to create an SSH user and specify an authentication type. Specifying an authentication type
for a new user is a must to get the user login.
An SSH user is represented as a set of user attributes on the SSH server. This set is uniquely identified
with the SSH username. When a user logs in to the SSH server from the SSH client, a username is
required so that the server can looks up the database for matching the username. If a match is found, it
authenticates the user using the authentication mode specified in the attribute set. If not, it tears down
the connection.
To prevent illegal users from logging in to the device, SSH supports the authentication modes of
password, publickey, and password-publickey.
z Password authentication
To Next Page
Loading...
