• If you do not assign the key pair a name, the system assigns the default name to the key pair
and marks the key pair as default. You can also assign the default name to another key pair, but
the system does not mark the key pair as default. The name of a key pair must be unique
among all manually named key pairs that use the same key algorithm. If a name conflict occurs,
the system asks whether you want to overwrite the existing key pair.
• The key pairs are automatically saved and can survive system reboots.
Table 18 A comparison of different types of key algorithms

Type: RSA
  Number of key pairs:
  • In non-FIPS mode:
    ◦ One host key pair, if you specify a key pair name.
    ◦ One server key pair and one host key pair, if you do not specify a key pair name. Both key pairs use their default names.
  • In FIPS mode: One host key pair.
  NOTE: Only SSH 1.5 uses the RSA server key pair.
  Modulus length:
  • In non-FIPS mode: 2048 bits, 1024 bits by default. To ensure security, use a minimum of 768 bits.
  • In FIPS mode: 2048 bits.

Type: DSA
  Number of key pairs: One host key pair.
  Modulus length:
  • In non-FIPS mode: 2048 bits, 1024 bits by default. To ensure security, use a minimum of 768 bits.
  • In FIPS mode: 2048 bits.

Type: ECDSA
  Number of key pairs: One host key pair.
  Modulus length:
  • In Release 1111: 192 bits.
  • In Release 1121 and later:
    ◦ In non-FIPS mode: 192 bits, 256 bits, 384 bits, or 521 bits.
    ◦ In FIPS mode: 256 bits, 384 bits, or 521 bits.
To create a local key pair:
1. Enter system view.
   Remarks: N/A
2. Create a local key pair.
   In Release 1111:
   public-key local create { dsa | ecdsa | rsa } [ name key-name ]
   In Release 1121 and later:
   • In non-FIPS mode:
     public-key local create { dsa | ecdsa [ secp192r1 | secp256r1 | secp384r1 | secp521r1 ] | rsa } [ name key-name ]
   • In FIPS mode:
     public-key local create { dsa | ecdsa [ secp256r1 | secp384r1 | secp521r1 ] | rsa } [ name key-name ]
   Remarks: By default, no local key pairs exist.
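The naming rules above (default name when none is given, uniqueness only among manually named pairs of the same algorithm, the extra RSA server pair in non-FIPS mode) and the per-release, per-mode ECDSA curve restrictions can be checked before a command is typed into the device. The following is an added example, not code from the configuration guide or the device software; DEFAULT_NAME is a constructed placeholder for the system-assigned default name, and the command grammar is the one shown in the procedure above.

```python
import re
DEFAULT_NAME = "default"  # constructed placeholder for the system-assigned default name
FIPS_CURVES = {"secp256r1", "secp384r1", "secp521r1"}
CURVES = FIPS_CURVES | {"secp192r1"}  # secp192r1 exists only in non-FIPS mode
_CMD = re.compile(r"^public-key local create (dsa|ecdsa|rsa)(?: (secp\d+r1))?(?: name (\S+))?$")

def check_create(cmd, release=1121, fips=False):
    """Parse a 'public-key local create' line; return (problems, algo, curve, name)."""
    m = _CMD.match(cmd.strip())
    if not m:
        return [f"unrecognised command: {cmd!r}"], None, None, None
    algo, curve, name = m.groups()
    problems = []
    if curve and algo != "ecdsa":
        problems.append("a curve can only be selected for ecdsa")
    if curve and release < 1121:
        problems.append("curve selection needs Release 1121 or later")
    if curve and (curve not in CURVES or (fips and curve not in FIPS_CURVES)):
        problems.append(f"{curve} is not available in this mode/release")
    return problems, algo, curve, name

class KeyStore:
    """Tracks local key pairs under the naming rules of this section."""
    def __init__(self, release=1121, fips=False):
        self.release, self.fips, self.pairs = release, fips, []

    def conflicts(self, algo, name):
        """True if a manually named pair of the same algorithm already uses this name."""
        return any(p["manual"] and p["algo"] == algo and p["name"] == name for p in self.pairs)

    def create(self, cmd, overwrite=False):
        problems, algo, curve, name = check_create(cmd, self.release, self.fips)
        if problems:
            raise ValueError("; ".join(problems))
        manual = name is not None
        if manual and self.conflicts(algo, name):
            if not overwrite:
                raise KeyError(f"{algo} key pair {name!r} exists; the system asks before overwriting")
            self.pairs = [p for p in self.pairs
                          if not (p["manual"] and p["algo"] == algo and p["name"] == name)]
        # Unnamed RSA in non-FIPS mode yields a server pair (used only by SSH 1.5) plus a host pair.
        kinds = ["server", "host"] if algo == "rsa" and not manual and not self.fips else ["host"]
        # A pair given the default name by hand is not marked as the default pair.
        created = [{"algo": algo, "kind": kind, "curve": curve, "name": name or DEFAULT_NAME,
                    "manual": manual, "default": not manual} for kind in kinds]
        self.pairs.extend(created)
        return created
```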