If you have configured a user interface to support the SSH protocol, you must configure AAA authentication for that user interface with the authentication-mode scheme command to ensure successful login.

On a user interface, if the authentication-mode password or authentication-mode none command has been executed, the protocol inbound ssh command is not available. Similarly, if the protocol inbound ssh command has been executed, the authentication-mode password and authentication-mode none commands are not available.

Generating/Destroying an RSA or DSA Key Pair

This configuration task lets you generate or destroy a key pair. You must generate an RSA or DSA key pair on the server before an SSH client can log in successfully. When generating a key pair, you are prompted to enter the key length in bits, which is between 512 and 2048. If a key pair already exists, the system asks whether to replace it.

Follow these steps to create or destroy a key pair:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Generate an RSA key pair | rsa local-key-pair create or public-key local create rsa | Required. Use either command. By default, no RSA key pair is created. |
| Destroy the RSA key pair | rsa local-key-pair destroy or public-key local destroy rsa | Optional. Use either command to destroy the configured RSA key pair. |
| Generate a DSA key pair | public-key local create dsa | Required. By default, no DSA key pair is created. |
| Destroy the DSA key pair | public-key local destroy dsa | Optional. Use the command to destroy the configured DSA key pair. |

After an RSA key pair is generated, you can execute the display rsa local-key-pair public or display public-key local rsa public command, which will display two public keys (the host public key and server public key) if the device works in SSH1.x-compatible mode, or only one public key (the host public key) if the device works in SSH2 mode.

The result of the key pair generation command survives a reboot, so you only need to configure it once. Some third-party software, for example, WinSCP, requires that the modulus of a public key be greater than or equal to 768 bits. Therefore, a local key pair of more than 768 bits is recommended.
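
The following check is an added example, not part of the 3Com manual: it reads the modulus length out of an RSA host public key and compares it with the two limits stated above (the 512 to 2048 prompt range and the 768-bit client minimum). It assumes the host key is available as a one-line OpenSSH-format "ssh-rsa AAAA..." string, for example as recorded by an SSH client; the function names and the sample keys are constructed for illustration.

```python
import base64
import struct

MIN_CLIENT_BITS = 768        # page: WinSCP needs a modulus >= 768 bits
DEVICE_RANGE = (512, 2048)   # page: key length accepted at the prompt

def _read_string(buf, off):
    """Read one RFC 4253 'string': 4-byte big-endian length, then the bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack(">I", buf[off:off + 4])[0]
    if end > len(buf):
        raise ValueError("truncated field body")
    return buf[off + 4:end], end

def rsa_modulus_bits(pubkey_line):
    """Modulus size in bits of an OpenSSH-format 'ssh-rsa AAAA...' line."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    alg, off = _read_string(blob, 0)
    if alg != b"ssh-rsa":
        raise ValueError("algorithm name inside blob does not match")
    _e, off = _read_string(blob, off)   # public exponent
    n, off = _read_string(blob, off)    # modulus (mpint, may carry a leading 0x00)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    return int.from_bytes(n, "big").bit_length()

def check_host_key(pubkey_line):
    """Classify a host key against the two limits stated in the manual."""
    bits = rsa_modulus_bits(pubkey_line)
    if not DEVICE_RANGE[0] <= bits <= DEVICE_RANGE[1]:
        return bits, "outside the 512-2048 range"
    if bits < MIN_CLIENT_BITS:
        return bits, "below 768: some clients reject it"
    return bits, "ok"

def constructed_key(bits):
    """Sample input: key line built from a made-up modulus (not a usable key)."""
    def field(b): return struct.pack(">I", len(b)) + b
    def mpint(i): return field(i.to_bytes(i.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    for size in (512, 768, 1024):
        print(size, check_host_key(constructed_key(size)))
```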

3Com WX3000 operation manual Generating/Destroying a RSA or DSA Key Pair