General Network Management Commands
XSR CLI Reference Guide 1-3

crypto key dsa

ThiscommandgeneratestheDigitalSignatureAlgorithm(DSA)typehostkeypair(privateand
public)aswellasdisplaysthepublickey.AuniquesetofhostkeysarecreatedeachtimetheXSR
rebootsbutwerecommendyougenerateanewpairofhostkeyswhenyoubelievesecuritymay
becompromised.
Themasterencryptionkeyisusedtoencryptthekeysbeforebeingsavedinthehostkey.datfilein
Flash.Accesstothisfileisrestrictedanditcannotbereadorcopied.AllSSHconnectionrequests
usethehostkeysstoredinthehostkey.datfileunlessnonehavebeengeneratedorthecontentof
thefileiscorrupted.Inthosecircumstances,defaultkeysareusedtosecuretheconnection.
Additionalhostkeybehaviorisdescribedasfollows:
•IfyouhavenotgeneratedamasterencryptionkeybeforeusingSSH,theXSRwillpromptyou
withthecrypto key master generatecommand.
•Onetothreeminuteswillelapsewhilehostkeysaregeneratedbycrypto key dsa,
dependingonthedeviceloadatthetime.
•SSHacceptsnonewconnectionsduringhostkeygeneration.
•Thecommandisignoredifstoredinthestartupconfigfile.
•Ifthemasterkeyischanged,youarenotrequiredtogenerateanewDSAkeypair.
•Ifyouremovethemasterkey,theDSAkeypairisremovedaswell(hostkey.datisdeleted).
Syntax
crypto key dsa {generate | remove | show}
Mode
Globalconfiguration:XSR(config)#
Example
Thefollowingexamplegeneratesanewpairofkeys:
XSR(config)#crypto key dsa generate

disable

ThiscommandexitsfromPrivilegedEXECtoEXECmode.
Syntax
disable
Mode
PrivilegedEXEC:XSR#
generate Producenewkeypairs.
remove Deleteoldkeypair.
show Displaypublicportionofhostkeypairs.