Access Security Guide K/KA/KB.15.15

NOTE: Comments in public-key files may appear in an SSH client application's generated public
key. While such comments may help to distinguish one key from another, they do not pose any
restriction on the use of a key by multiple clients and/or users.
Public key illustrations such as the key shown in Figure 176 (page 247) usually include line breaks
as a method for showing the whole key. However, in practice, line breaks in a public key will
cause errors resulting in authentication failure.
1. Use your SSH client application to create a public/private key pair. See the documentation
provided with your SSH client application for details. The switch supports the following client
public-key properties:
| Property | Supported value | Comments |
|---|---|---|
| Key format | ASCII | See Figure 165 (page 231). The key must be one unbroken ASCII string. If you add more than one client public key to a file, terminate each key (except the last one) with a <CR><LF>. Spaces are allowed within the key to delimit the key's components. Note that, unlike the use of the switch public key in an SSH client application, the format of a client public key used by the switch does not include the client's IP address. |
| Key type | RSA or DSA | You can choose either RSA or DSA key types when using the crypto key generate ssh command. The cert and autorun parameters only use RSA key types. |
| Maximum supported public-key length | 3072 bits | Shorter key lengths allow faster operation, but also mean diminished security. |
| Maximum host key sizes in bits | RSA: 1024, 2048, 3072; DSA: 1024 | Includes the bit size, public index, modulus, any comments, <CR>, <LF>, and all blank spaces. If necessary, you can use an editor application to verify the size of a key. For example, placing a client public key into a Word for Windows text file and clicking on File > Properties > Statistics lets you view the number of characters in the file, including spaces. |
2. Copy the client's public key into a text file (filename.txt). For example, use the Notepad editor
included with the Microsoft Windows software. If you want several clients to use client
public-key authentication, copy a public key for each of these clients (10) into the file. Each
key should be separated from the preceding key by a <CR><LF>.
3. Copy the client public-key file into a TFTP server accessible to the switch.
Copying a client public key into the switch requires the following:
• One or more client-generated public keys. See the documentation provided with your SSH
  client application.
• A copy of each client public key stored in a single text file or individually on a TFTP server to
  which the switch has access. Terminate all client public keys in the file except the last one with
  a <CR><LF>.
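A pre-upload check for the key file described in steps 1 to 3, as an added example that is not part of the original guide or of the switch software. It assumes entries in either OpenSSH one-line form (ssh-rsa or ssh-dss followed by base64, or decimal bits, exponent and modulus) and reads the "(10)" in step 2 as a per-file limit; check_key_file and the sample data are hypothetical names and constructed values.

```python
import base64
import struct

MAX_BITS = 3072   # maximum supported public-key length given in the table
MAX_KEYS = 10     # the "(10)" in step 2, read here as a per-file limit (assumption)
SSH2_TYPES = ("ssh-rsa", "ssh-dss")   # OpenSSH tags for RSA and DSA (assumption)

def _ssh2_bits(b64):
    """Bit length of the RSA modulus (field 2) or DSA prime (field 1) in an SSH2 blob."""
    blob, fields, off = base64.b64decode(b64, validate=True), [], 0
    while off < len(blob):
        (size,) = struct.unpack_from(">I", blob, off)
        fields.append(blob[off + 4:off + 4 + size])
        off += 4 + size
    return int.from_bytes(fields[2 if fields[0] == b"ssh-rsa" else 1], "big").bit_length()

def check_key_file(data):
    """Return a list of problems in a client public-key file; empty means it passed."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return ["file is not pure ASCII"]
    problems = []
    rest = text.replace("\r\n", "")
    if "\r" in rest or "\n" in rest:
        problems.append("bare CR or LF found; separate keys with <CR><LF> only")
    lines = [ln for ln in text.split("\r\n") if ln.strip()]
    if len(lines) > MAX_KEYS:
        problems.append(f"{len(lines)} entries, more than {MAX_KEYS}")
    for num, line in enumerate(lines, 1):
        parts = line.split()
        try:
            if parts[0] in SSH2_TYPES:
                bits = _ssh2_bits(parts[1])
            else:   # decimal form: bits exponent modulus [comment]
                bits = int(parts[2]).bit_length()
                if int(parts[0]) != bits or int(parts[1]) < 3:
                    raise ValueError("declared size does not match modulus")
        except (IndexError, ValueError, struct.error):
            problems.append(f"entry {num}: not one unbroken RSA/DSA key (wrapped line?)")
            continue
        if bits > MAX_BITS:
            problems.append(f"entry {num}: {bits}-bit key exceeds {MAX_BITS} bits")
    return problems

# Constructed sample: decimal-form entries built from made-up numbers, not real keys.
GOOD = (f"1024 65537 {(1 << 1023) | 1} alice@pc\r\n"
        f"2048 65537 {(1 << 2047) | 1} bob@pc").encode("ascii")
WRAPPED = GOOD[:200] + b"\r\n" + GOOD[200:]   # line break inside the first key
```

check_key_file(GOOD) returns an empty list, while check_key_file(WRAPPED) reports both fragments of the broken first key.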
NOTE: The actual content of a public-key entry in a public-key file is determined by the SSH client
application generating the key. Although you can manually add or edit any comments the client
application adds to the end of the key.