The ecc local-key-pair create command generates a local Elliptic Curves Cryptography (ECC) host key pair.
Usage Scenario
A local key pair is a prerequisite to a successful SSH login. Compared with the RSA algorithm used by the rsa local-key-pair create command, the ECC algorithm shortens the key length, accelerates the encryption, and improves the security. The length of the server key pair and the host key pair can be 256 bits, 384 bits and 521 bits. By default, the length of the key pair is 521 bits.
Precautions
The generated ECC host key pair is named in the format of switch name_Host_ECC, such as HUAWEI_Host_ECC. The local DSA private key is saved in PKCS#8 format to the hostkey_ecc file in the system NOR FLASH.
The ecc local-key-pair create and ecc local-key-pair destroy commands are not saved in the configuration file. They only need to be run once and take effect even after the switch restarts.
Do not delete the ECC key file from the switch. If the ECC key file is deleted, the ECC key pair cannot be restored after the switch is restarted.
# Generate a local ECC host key pair.
<HUAWEI> system-view [HUAWEI] ecc local-key-pair create Info: The key name will be: HUAWEI_Host_ECC. Info: The ECC host key named HUAWEI_Host_ECC already exists. Warning: Do you want to replace it ? [Y/N]: Y Info: The key modulus can be any one of the following : 256, 384, 521. Info: If the key modulus is greater than 512, it may take a few minutes. Please input the modulus [default=521]:521 Info: Generating keys... Info: Succeeded in creating the ECC host keys.
# Enter a key with incorrect length and re-enter the key with incorrect length for five times, which is the maximum number of retry attempts.
<HUAWEI> system-view [HUAWEI] ecc local-key-pair create Info: The key name will be: HUAWEI_Host_ECC. Info: The ECC host key named HUAWEI_Host_ECC already exists. Warning: Do you want to replace it ?[Y/N]: Y Info: The key modulus can be any one of the following : 256, 384, 521. Info: If the key modulus is greater than 512, it may take a few minutes. Please input the modulus [default=521]:123 Error: Invalid ECC key modulus. Please input the modulus [default=521]:1024 Error: Invalid ECC key modulus. Please input the modulus [default=521]:512 Error: Invalid ECC key modulus. Please input the modulus [default=521]:2048 Error: Invalid ECC key modulus. Please input the modulus [default=521]:4096 Error: Invalid ECC key modulus. Error: The maximum number of retries has reached, and the command has already been canceled.