1-8
z
You can configure a login header only when the service type is
stelnet
. For configuration of service
types, refer to
Specifying a Service Type for an SSH User
.
z
For details of the
header
command, refer to the corresponding section in
Login Command
.
Configuring Key Pairs
The SSH server’s key pairs are for generating session keys and for SSH clients to authenticate the
server. The SSH client's key pairs are for the SSH server to authenticate the SSH clients in publickey
authentication mode. RSA key pair are only supported.
Generating key pairs
When generating a key pair, you will be prompted to enter the key length in bits, which is between 512
and 2048. The default length is 1024. If the key pair already exists, the system will ask whether to
overwrite it.
Follow these steps to create key pairs:
To do...
Use the command...
Remarks
Enter system view
system-view
—
Generate an RSA key pairs
public-key local create
rsa
Required
By default, no key
pairs are generated.
z
The command for generating a key pair can survive a reboot. You only need to configure it once.
z
It takes more time to encrypt and decrypt data with a longer key, which, however, ensures higher
security. Therefore, specify the length of the key pair accordingly.
z
For a fabric made up of multiple devices, you need to create the key pairs on the device to ensure
that all devices in the fabric have the same local RSA key pairs.
z
Some third-party software, for example, WinSCP, requires that the modulo of a public key must be
greater than or equal to 768. Therefore, a local key pair of more than 768 bits is recommended.
Destroying key pairs
The RSA key may be exposed, and you may want to destroy the keys and generate new ones.
Follow these steps to destroy key pairs:
To do…
Use the command…
Remarks
Enter system view
system-view
—