HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 125
Creating a local key pair, Configuration guidelines, Configuration procedure
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 125 highlights
Creating a local key pair Configuration guidelines When you create a local key pair, follow these guidelines: • The key algorithm must be the same as required by the security application. • The key modulus length must be appropriate (see Table 7). The longer the key modulus length, the higher the security, and the longer the key generation time. • If you do not assign the key pair a name, the system assigns the default name to the key pair and marks the key pair as default. You can also assign the default name to another key pair, but the system does not mark the key pair as default. • The name of a key pair must be unique among all manually named key pairs that use the same key algorithm, but can be the same as a key pair that uses a different key algorithm. If a name conflict occurs, the system asks whether you want to overwrite the existing key pair. • The key pairs are automatically saved and can survive system reboots. Table 7 A comparison of different types of asymmetric key algorithms Type RSA (in non-FIPS mode) RSA (in FIPS mode) DSA (in non-FIPS mode) DSA (in FIPS mode) ECDSA Number of key pairs Modulus length • If you specify a key pair name, the command creates a host key pair. • If you do not specify a key pair name, 512 to 2048 bits. the command creates one server key 1024 by default. pair and one host key pair, and both key pairs use their default names. HP recommendation At least 768 bits. If you do not specify a key pair name, the command only creates a host key pair, 2048 bits. and the key pair uses the default name. The command only creates one host key 512 to 2048 bits. pair. 1024 by default. N/A At least 768 bits. The command only creates one host key pair. 2048 bits. N/A The command only creates one host key pair. 192 bits. N/A NOTE: Only SSH 1.5 uses the RSA server key pair. Configuration procedure To create a local key pair: Step 1. Enter system view. Command system-view 116 Remarks N/A