rsa local-key-pair

Function

The rsa local-key-pair create command generates local RSA host and server key pairs.

The rsa local-key-pair destroy command removes all local RSA keys including the host key pair and the server key pair.

By default, no local RSA host or server key pairs are generated.

Format

rsa local-key-pair create

rsa local-key-pair destroy

Parameters

None

Views

System view

Default Level

3: Management level

Task Name and Operations

Task Name     Operations
ssh-server    write

Usage Guidelines

Usage Scenario

To generate local RSA host and server key pairs, run the rsa local-key-pair create command. If an RSA key already exists when the command is run, the system prompts you to confirm whether to change the original key. The generated key pairs are named after the device, in the form device name_server and device name_host, such as HUAWEI_host and HUAWEI_server. This command is not saved in the configuration file.

After you enter the rsa local-key-pair destroy command, you must confirm whether to remove all local RSA keys. The rsa local-key-pair destroy command takes effect as soon as it is run and is not saved in the configuration file.

Precautions

  • After you run the rsa local-key-pair create command, the command still takes effect after the device is restarted.
  • After you run this command, the system prompts you to enter the length of an RSA key pair to be generated. Currently, the system supports an RSA key pair with the modulus of 2048 bits, 3072 bits or 4096 bits. If you press Enter without entering the key pair length, a 3072-bit RSA key pair is generated. If you do not perform any operation, the system does not generate any RSA key pair. You are advised to use a more secure RSA key pair of 3072 bits or higher.
  • A local RSA key pair must be configured and generated before you can log in to the SSH server successfully. Perform either of the following operations to generate an RSA key pair:
      • Run the rsa local-key-pair create command to generate the local key pair.
      • The system automatically generates a local key pair.

To ensure that the local key pair is not changed after the system restarts, run the save command to save the configuration file. Otherwise, the system generates a new local key pair after it restarts. You need to use the new local key pair to log in to the device through SSH.
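The following check is an added example, not Huawei code: it parses an RSA host public key in the OpenSSH one-line format (as printed by ssh-keyscan or stored in known_hosts) and compares its modulus length with the 2048/3072/4096-bit sizes and the 3072-bit recommendation given above. The function names and the sample keys are assumptions; the keys are built from a made-up modulus and are not real keys.

```python
import base64
import struct

SUPPORTED_BITS = (2048, 3072, 4096)  # modulus sizes this page lists as supported
RECOMMENDED_MIN_BITS = 3072          # this page advises 3072 bits or higher

def read_field(blob, offset):
    """Read one length-prefixed field (RFC 4253 string or mpint)."""
    (length,) = struct.unpack_from(">I", blob, offset)  # struct.error if truncated
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end

def rsa_modulus_bits(pubkey_line):
    """Return the modulus bit length of a '[host] ssh-rsa <base64> [comment]' line."""
    parts = pubkey_line.split()
    if "ssh-rsa" not in parts[:-1]:
        raise ValueError("no ssh-rsa key on this line")
    blob = base64.b64decode(parts[parts.index("ssh-rsa") + 1], validate=True)
    key_type, off = read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob does not match")
    _exponent, off = read_field(blob, off)
    modulus, off = read_field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit(pubkey_line):
    """Classify a host key against the sizes this page describes."""
    bits = rsa_modulus_bits(pubkey_line)
    if bits not in SUPPORTED_BITS:
        return bits, "unexpected size"
    if bits < RECOMMENDED_MIN_BITS:
        return bits, "below recommended 3072 bits"
    return bits, "ok"

def constructed_key(bits, comment):
    """Build a well-formed ssh-rsa line from a made-up modulus (constructed, not a real key)."""
    n = (1 << (bits - 1)) | 1
    n_bytes = n.to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps the mpint positive
    e_bytes = (65537).to_bytes(3, "big")
    fields = [b"ssh-rsa", e_bytes, n_bytes]
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    for size in (2048, 3072):
        print(audit(constructed_key(size, "HUAWEI_Host-constructed")))
```

Running the same check after a restart or a re-creation of the key pair also shows whether the host key a client has stored still matches the size the device now presents.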

Example

# Configure a device to generate local host and server key pairs.
<HUAWEI> system-view
[~HUAWEI] rsa local-key-pair create
The key name will be:HUAWEI_Host 
The range of public key size is (2048, 4096). 
NOTE: Key pair generation will take a short while. 
Please input the modulus [default = 3072]:3072

# Remove all RSA keys of the server.
<HUAWEI> system-view
[~HUAWEI] rsa local-key-pair destroy
The name for the keys which will be destroyed is HUAWEI_Host.
Confirm to destroy these keys? Please select [Y/N]: Y
Copyright © Huawei Technologies Co., Ltd.