Table 16 A comparison of different types of asymmetric key algorithms

Type: RSA
Number of key pairs:
  • In non-FIPS mode:
    - If you specify the key pair name, the command creates a host key pair.
    - If you do not specify the key pair name, the command creates one server key pair and one host key pair, and both key pairs use their default names.
  • In FIPS mode: If you do not specify a key pair name, the command creates a host key pair with the default name.
Modulus length:
  • In non-FIPS mode: 512 to 2048 bits, 1024 bits by default. To ensure security, use a minimum of 768 bits.
  • In FIPS mode: 2048 bits.

Type: DSA
Number of key pairs: The command only creates one host key pair.
Modulus length:
  • In non-FIPS mode: 512 to 2048 bits, 1024 bits by default. To ensure security, use a minimum of 768 bits.
  • In FIPS mode: A minimum of 1024 bits.
IMPORTANT:
Only SSH1.5 uses the RSA server key pair.
To create a local asymmetric key pair:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create local DSA or RSA key pairs.
  Command: public-key local create { dsa | rsa } [ name key-name ]
  Remarks: By default, no local key pair exists. Key pairs created with this command are saved automatically and can survive system reboots.
Displaying or exporting the local host public key
In some applications, such as SSH, to allow your local device to be authenticated by a peer device
through digital signature, you must display or export the local host public key, which will then be
specified on the peer device.
To display or export the local host public key, choose one of the following methods:
• Displaying and recording the host public key information
• Displaying the host public key in a specific format and saving it to a file
• Exporting the host public key in a specific format to a file
If your local device functions to authenticate the peer device, you must specify the peer public key on the local device. For more information, see "Specifying the peer public key on the local device."
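Before the exported host public key is placed on a peer, a practitioner will usually want to confirm that its modulus meets the lengths given in Table 16 (768 bits as the recommended non-FIPS floor, 2048 bits in FIPS mode). The following is an added example, not code from this guide or from the device; it assumes the host key was exported in OpenSSH public key format (a single "ssh-rsa <base64> [comment]" line), and the sample key it builds uses a placeholder modulus, not a real key.

```python
import base64
import struct

# Minimums taken from Table 16: 768 bits is the recommended floor in
# non-FIPS mode; FIPS mode requires a 2048-bit RSA modulus.
MIN_BITS_NON_FIPS = 768
MIN_BITS_FIPS = 2048


def _read_string(buf: bytes, offset: int) -> tuple[bytes, int]:
    """Read one SSH wire-format string: uint32 big-endian length + bytes."""
    (length,) = struct.unpack_from(">I", buf, offset)
    start = offset + 4
    return buf[start:start + length], start + length


def rsa_modulus_bits(openssh_line: str) -> int:
    """Return the modulus length in bits of an OpenSSH 'ssh-rsa' key line."""
    fields = openssh_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an OpenSSH ssh-rsa public key line")
    blob = base64.b64decode(fields[1])
    key_type, off = _read_string(blob, 0)      # "ssh-rsa"
    if key_type != b"ssh-rsa":
        raise ValueError("key blob type does not match 'ssh-rsa'")
    _exponent, off = _read_string(blob, off)   # e (mpint)
    modulus, _ = _read_string(blob, off)       # n (mpint)
    return int.from_bytes(modulus, "big").bit_length()


def check_modulus(openssh_line: str, fips_mode: bool) -> tuple[int, bool]:
    """Return (modulus bits, True if it meets the minimum for the mode)."""
    bits = rsa_modulus_bits(openssh_line)
    minimum = MIN_BITS_FIPS if fips_mode else MIN_BITS_NON_FIPS
    return bits, bits >= minimum


def _mpint(value: int) -> bytes:
    """Encode a positive integer as an SSH mpint (leading zero if MSB set)."""
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return struct.pack(">I", len(raw)) + raw


def make_sample_key(bits: int) -> str:
    """Constructed test input: an ssh-rsa line whose modulus has exactly
    `bits` bits. The modulus is a placeholder number, not a usable key."""
    n = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-host-key"


if __name__ == "__main__":
    for bits, fips in ((1024, False), (1024, True), (2048, True)):
        print(bits, "FIPS" if fips else "non-FIPS", check_modulus(make_sample_key(bits), fips))
```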