234
Usage guidelines
The key algorithm must be the same as required by the security application.
The key modulus length must be appropriate (see Table 30)
. The longer the key modulus length, the
higher the security, and the longer the key generation time.
If you do not assign the key pair a name, the system assigns the default name to the key pair and marks
the key pair as default. You can also assign the default name to another key pair, but the system does not
mark the key pair as default.
The name of a key pair must be unique among all manually named key pairs that use the same key
algorithm. If a name conflict occurs, the system asks whether you want to overwrite the existing key pair.
The key pairs are automatically saved and can survive system reboots.
Table 30 A comparison of different types of asymmetric key pairs
T
e Number of ke
airs
Modulus len
th
HP recommendation
RSA
• In non-FIPS mode:
{ If you specify a key pair name, the
command creates a host key pair.
{ If you do not specify a key pair
name, the command creates one
server key pair and one host key
pair, and both key pairs use their
default names.
• In FIPS mode:
If you do not specify a key pair name,
the command creates a host key pair.
• In non-FIPS mode:
512 to 2048 bits
and defaults to
1024 bits.
• In FIPS mode:
2048 bits.
At least 768 bits.
DSA
The command only creates one host key
pair.
• In non-FIPS mode:
512 to 2048 bits
and defaults to
1024 bits.
• In FIPS mode:
2048 bits.
At least 768 bits.
ECDSA
The command only creates one host key
pair.
192 bits. N/A
NOTE:
Only SSH 1.5 uses the RSA server key pair.
Examples
# Create local RSA key pairs with default names.
<Sysname> system-view
[Sysname] public-key local create rsa
The range of public key modulus is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
...++++++
.++++++
To Next Page
Loading...
Need help?
General
