The ssh server publickey command specifies a public key algorithm for an SSH server.
The undo ssh server publickey command restores all the public key algorithms of an SSH server to default settings.
By default, DSA, ECC, and RSA public key algorithms are enabled on an SSH server.
| Parameter | Description | Value |
|---|---|---|
| dsa | Specifies the DSA algorithm for an SSH server. | - |
| ecc | Specifies the ECC algorithm for an SSH server. | - |
| rsa | Specifies the RSA algorithm for an SSH server. | - |
Usage Scenario
You can run this command to specify a public key algorithm for an SSH server. In this case, the SSH server cannot use other public key algorithms, improving device security. The ECC public key algorithm is recommended.
If a public key algorithm is specified in the ssh server publickey command, the SSH server can use the specified public key algorithm and cannot use other public key algorithms. For example, if the ssh server publickey dsa command is run, the SSH server can use the DSA algorithm and cannot use the ECC and RSA algorithms.
Precautions
A client can log in to an SSH server using a public key algorithm only if the server also uses this public key algorithm.
For security purposes, you are not advised to use the RSA algorithm with the key of less than 2048 bits to authenticate SSH users. Instead, you are advised to use the more secure ECC authentication algorithm.
If this command has been run for multiple times, the latest configuration takes effect.