AT-9000 Switch Command Line User’s Guide
1379
Creating the Encryption Key Pair
The first step to using the SSH server on the switch for remote
management is to create the encryption key. Here is the base command:
crypto key generate hostkey dsa|rsa|rsa1 [
value
]
The VALUE parameter only applies to an RSA key.
To create a DSA key, enter these commands:
awplus> enable
awplus# configure terminal
awplus(config)# crypto key generate hostkey dsa
To create an RSA1 key, enter these commands:
awplus> enable
awplus# configure terminal
awplus(config)# crypto key generate hostkey rsa1
An RSA key is different from the other keys because you can specify a
length in bits by using the VALUE parameter in the command. The other
keys have a fixed key length of 1024 bits. The range is 768 to 2048 bits.
Entering the length is optional. This example creates an RSA key with a
length of 768 bits:
awplus> enable
awplus# configure terminal
awplus(config)# crypto key generate hostkey rsa 768
DSA and RSA1 keys take less than a minute to create. An RSA key that
has the maximum key length of 2048 bits may take as much as four
minutes for the switch to create.
Creating a key is a very CPU intensive process for the switch. The
switch does not stop forwarding network packets, but it may delay
handling some network events, such as spanning tree BPDU
packets. To avoid unexpected or unwanted switch behavior, create
a key during periods of low network activity.
To Next Page
Loading...
