Usage Scenario
Compared with RSA, the Digital Signature Algorithm (DSA) has a wider application in the SSH protocol. This asymmetric encryption system generates a public and private key pair to implement secure key exchange, thereby ensuring secure sessions.
If a DSA key already exists when you run this command, the system prompts you to confirm whether to change the original key. If you agree, the key in the new key pair is named with the device name followed by _Host_DSA, for example, HUAWEI_Host_DSA. The local DSA private key is saved in PKCS#8 format to the hostkey_dsa file in the system NOR FLASH.
After you enter the command, the device prompts you to enter the number of bits in the host key. The length of a host key pair can be 2048 bits, which is also the default.
Precautions
This command is not saved in a configuration file and takes effect immediately after being run. After the device restarts, you do not need to run the command again.
To improve the security of the device, you are advised to use a 2048-bit key pair.
# Generate DSA key pairs on the device.
<HUAWEI> system-view
[HUAWEI] dsa local-key-pair create
Info: The key name will be: HUAWEI_Host_DSA.
Info: The key modulus can be any one of the following : 2048.
Info: If the key modulus is greater than 512, it may take a few minutes.
Please input the modulus [default=2048]:
Info: Generating keys...
Info: Succeeded in creating the DSA host keys.
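The following check confirms that an SSH DSA host public key uses the 2048-bit length recommended above. It is an added example, not Huawei code. It assumes the public key is available as an OpenSSH-format ssh-dss line (bare or known_hosts style); the function names, the 192.0.2.10 address and the sample key are constructed for illustration.

```python
import base64
import struct

def read_string(buf, off):
    """Read one RFC 4251 string: uint32 length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated field body")
    return buf[off + 4:off + 4 + n], off + 4 + n

def dsa_key_bits(line):
    """Return (p_bits, q_bits) for an ssh-dss key line (bare or known_hosts style)."""
    fields = line.split()
    if "ssh-dss" not in fields[:-1]:
        raise ValueError("no ssh-dss key on this line")
    blob = base64.b64decode(fields[fields.index("ssh-dss") + 1], validate=True)
    ktype, off = read_string(blob, 0)
    if ktype != b"ssh-dss":
        raise ValueError("key type inside blob is not ssh-dss")
    nums = []
    for _ in range(4):  # RFC 4253 order: p, q, g, y (each an mpint)
        raw, off = read_string(blob, off)
        nums.append(int.from_bytes(raw, "big"))
    if off != len(blob):
        raise ValueError("trailing bytes after key")
    return nums[0].bit_length(), nums[1].bit_length()

def meets_policy(line, min_p_bits=2048):
    """True only if the line parses and the modulus p has at least min_p_bits."""
    try:
        return dsa_key_bits(line)[0] >= min_p_bits
    except ValueError:  # also covers malformed base64 (binascii.Error)
        return False

def make_sample_line(p_bits, q_bits):
    """CONSTRUCTED test input: right field sizes, not a usable DSA key."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    def mpint(n):  # extra leading byte keeps the sign bit clear
        return field(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    p, q = (1 << (p_bits - 1)) | 1, (1 << (q_bits - 1)) | 1
    blob = field(b"ssh-dss") + mpint(p) + mpint(q) + mpint(2) + mpint(3)
    return "192.0.2.10 ssh-dss " + base64.b64encode(blob).decode() + " HUAWEI_Host_DSA"

if __name__ == "__main__":
    for line in (make_sample_line(2048, 160), make_sample_line(1024, 160)):
        print(dsa_key_bits(line), "OK" if meets_policy(line) else "TOO SHORT")
```

A line that fails to parse (wrong key type, truncated blob, bad base64) is reported as not meeting the policy rather than raising.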