R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide
Complete these tasks to configure public keys:
Task: Configuring a local asymmetric key pair on the local device
Remarks: Choose one or more tasks.
• Creating a local asymmetric key pair
• Displaying or exporting the local host public key
• Destroying a local asymmetric key pair
Task: Specifying the peer public key on the local device
Creating a local asymmetric key pair
When you create an asymmetric key pair on the local device, follow these guidelines:
• Create an asymmetric key pair of the proper type to work with a target application.
• After you enter the command, specify a proper modulus length for the key pair. The following table
compares these types of key pairs.
Table 10 A comparison between different types of asymmetric key pairs
Type: RSA
  Number of key pairs: Two key pairs, one server key pair and one host key pair. Each key pair comprises a public key and a private key.
  Modulus length: 512 to 2048 bits. 1024 by default.
  Remarks: To achieve high security, specify at least 768 bits.
Type: DSA
  Number of key pairs: One key pair, the host key pair.
  Modulus length: 512 to 2048 bits. 1024 by default.
IMPORTANT:
Only SSH1.5 uses the RSA server key pair.
To create a local asymmetric key pair:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a local asymmetric key pair.
   Command: public-key local create { dsa | rsa }
   Remarks: By default, no asymmetric key pair is created. Key pairs created with this command are saved automatically and can survive system reboots. In FIPS mode, the DSA key modulus length is at least 1024 bits, and the RSA key modulus length must be 2048 bits.
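The following is an added example, not part of the HP guide: a Python check that reads a host public key and reports whether its modulus length meets the thresholds stated above (at least 768 bits for high security; in FIPS mode, RSA exactly 2048 bits and DSA at least 1024 bits). It assumes the key has been exported in one-line OpenSSH format (ssh-rsa or ssh-dss, RFC 4253 encoding); the function names are hypothetical, and make_line builds constructed, non-functional keys as sample input.

```python
import base64
import struct

def _read_field(buf, off):
    """Read one length-prefixed field (RFC 4253 string/mpint)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def modulus_bits(line):
    """Return (key type, modulus bit length) for an ssh-rsa/ssh-dss line."""
    blob = base64.b64decode(line.split()[1], validate=True)
    name, off = _read_field(blob, 0)
    if name == b"ssh-rsa":            # fields: e, n (skip e)
        _, off = _read_field(blob, off)
        kind = "rsa"
    elif name == b"ssh-dss":          # fields: p, q, g, y (p is the modulus)
        kind = "dsa"
    else:
        raise ValueError("unsupported key type")
    mod, _ = _read_field(blob, off)
    return kind, int.from_bytes(mod, "big").bit_length()

def audit(line, fips=False):
    """Return findings against the guide's thresholds; [] means compliant."""
    kind, bits = modulus_bits(line)
    findings = []
    if fips and kind == "rsa" and bits != 2048:
        findings.append(f"FIPS: RSA modulus must be 2048 bits, got {bits}")
    if fips and kind == "dsa" and bits < 1024:
        findings.append(f"FIPS: DSA modulus must be at least 1024 bits, got {bits}")
    # The 768-bit remark is applied to both key types here (assumption).
    if not fips and bits < 768:
        findings.append(f"{kind.upper()} modulus {bits} bits is below 768")
    return findings

def make_line(name, *ints):
    """Build a constructed, non-functional public key line (sample input)."""
    def mpint(v):  # extra leading byte keeps the value positive
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", len(name)) + name + b"".join(map(mpint, ints))
    return f"{name.decode()} {base64.b64encode(blob).decode()} constructed"
```

A key created with the default 1024-bit modulus passes the non-FIPS check but is flagged for RSA when fips=True, which matches the FIPS remark in step 2.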










