R2511-HP MSR Router Series Security Configuration Guide(V5)
Table 16 A comparison of different types of asymmetric key algorithms

Type: RSA
Number of key pairs:
• In non-FIPS mode:
  ◦ If you specify the key pair name, the command creates a host key pair.
  ◦ If you do not specify the key pair name, the command creates one server key pair and one host key pair, and both key pairs use their default names.
• In FIPS mode: If you do not specify a key pair name, the command creates a host key pair with the default name.
Modulus length:
• In non-FIPS mode: 512 to 2048 bits and defaults to 1024 bits.
• In FIPS mode: 2048 bits.
HP recommendation: In non-FIPS mode, set the key modulus length to at least 768 bits.

Type: DSA
Number of key pairs: The command only creates one host key pair.
Modulus length:
• In non-FIPS mode: 512 to 2048 bits and defaults to 1024 bits.
• In FIPS mode: At least 1024 bits.
HP recommendation: In non-FIPS mode, set the key modulus length to at least 768 bits.

IMPORTANT:
Only SSH1.5 uses the RSA server key pair.
To create a local asymmetric key pair:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create local DSA or RSA key pairs.
  Command: public-key local create { dsa | rsa } [ name key-name ]
  Remarks: By default, no local key pair exists. Key pairs created with this command are saved automatically and can survive system reboots.

Displaying or exporting the local host public key
In some applications, such as SSH, to allow your local device to be authenticated by a peer device
through digital signature, you must display or export the local host public key, which will then be
specified on the peer device.
To display or export the local host public key, choose one of the following methods:
• Displaying and recording the host public key information
• Displaying the host public key in a specific format and saving it to a file
• Exporting the host public key in a specific format to a file
If your local device authenticates the peer device, you must specify the peer public key on the
local device. For more information, see "Specifying the peer public key on the local device."
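
An added example, not part of the HP guide: a Python check of an exported host public key's modulus length against the limits in Table 16. It assumes the key was exported in OpenSSH text format (the guide says only "a specific format"); the function names and the sample key line are constructed for illustration.

```python
import base64

# Limits from Table 16 of this guide, in bits.
NON_FIPS_RANGE = (512, 2048)
RECOMMENDED_MIN = 768
# Index of the modulus among the integers after the type string
# (RFC 4253: ssh-rsa carries e, n; ssh-dss carries p, q, g, y).
MODULUS_INDEX = {"ssh-rsa": 1, "ssh-dss": 0}

def fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 + size > len(blob):
            raise ValueError("truncated field")
        out.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    return out

def modulus_bits(line):
    """Return (key type, modulus bits) for one OpenSSH-format public key line."""
    declared, b64 = line.split()[:2]
    parts = fields(base64.b64decode(b64, validate=True))
    ktype = parts[0].decode("ascii") if parts else ""
    idx = MODULUS_INDEX.get(ktype)
    if ktype != declared or idx is None or len(parts) < idx + 2:
        raise ValueError("unsupported, inconsistent or short key blob")
    return ktype, int.from_bytes(parts[1 + idx], "big").bit_length()

def check(line, fips=False):
    """Compare the modulus length with Table 16 and return a verdict."""
    ktype, bits = modulus_bits(line)
    if fips:
        ok = bits == 2048 if ktype == "ssh-rsa" else bits >= 1024
        return "ok" if ok else "not allowed in FIPS mode"
    if not NON_FIPS_RANGE[0] <= bits <= NON_FIPS_RANGE[1]:
        return "outside non-FIPS range"
    return "ok" if bits >= RECOMMENDED_MIN else "below HP recommendation"

def make_sample(ktype, bits):
    """CONSTRUCTED line: correct wire format, placeholder numbers, not a real key."""
    def mpint(v):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # extra byte keeps it positive
        return len(raw).to_bytes(4, "big") + raw
    top = (1 << (bits - 1)) | 1
    ints = [65537, top] if ktype == "ssh-rsa" else [top, 1, 1, 1]
    blob = len(ktype).to_bytes(4, "big") + ktype.encode() + b"".join(map(mpint, ints))
    return f"{ktype} {base64.b64encode(blob).decode()} constructed@example"
```

Run `check()` on each line of a saved public key file, with `fips=True` for devices operating in FIPS mode.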










