Nortel Networks 42C4911 Switch User Manual


 
Alteon OS Application Guide
Chapter 1: Accessing the Switch
42C4911, January 2007
Generating RSA Host and Server Keys for SSH Access
To support the SSH server feature, two sets of RSA keys (host and server keys) are required.
The host key is 1024 bits and is used to identify the GbE Switch Module. The server key is 768
bits and is used to make it impossible to decipher a captured session by breaking into the GbE
Switch Module at a later time.
When the SSH server is first enabled and applied, the switch automatically generates the RSA
host and server keys and stores them in the FLASH memory.
NOTE: To configure RSA host and server keys, first connect to the GbE Switch Module
through the console port (commands are not available via external Telnet connection), and
enter the following commands to generate them manually.
>> # /cfg/sys/sshd/hkeygen (Generates the host key)
>> # /cfg/sys/sshd/skeygen (Generates the server key)
These two commands take effect immediately without the need of an apply command.
When the switch reboots, it will retrieve the host and server keys from the FLASH memory. If
these two keys are not available in the flash and if the SSH server feature is enabled, the switch
automatically generates them during the system reboot. This process may take several minutes
to complete.
The switch can also automatically regenerate the RSA server key. To set the interval of RSA
server key autogeneration, use this command:
>> # /cfg/sys/sshd/intrval <number of hours (0-24)>
A value of 0 (zero) denotes that RSA server key autogeneration is disabled. When greater than
0, the switch will autogenerate the RSA server key every specified interval; however, RSA
server key generation is skipped if the switch is busy doing other key or cipher generation
when the timer expires.
NOTE: The switch will perform only one session of key/cipher generation at a time. Thus, an
SSH/SCP client will not be able to log in if the switch is performing key generation at that
time, or if another client has logged in immediately prior. Also, key generation will fail if an
SSH/SCP client is logging in at that time.
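The roles of the two keys, and why regenerating the server key protects sessions captured earlier, shown as an added example (not from the manual or the switch software). It assumes an SSH protocol 1 style exchange in which the client encrypts the session key under the server key and then under the host key; the keys are constructed toy textbook-RSA keys, far smaller than the 768-bit and 1024-bit keys described above.

```python
# Constructed toy keys: textbook RSA with small known primes, illustration only.
# Assumption: the client wraps the session key under the smaller (server) key
# first and then under the larger (host) key, as in SSH protocol 1.
from math import gcd

E = 65537  # public exponent (assumed for this example)


def make_key(p, q):
    """Build a textbook RSA key from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(E, phi) != 1:
        raise ValueError("exponent not invertible for these primes")
    return {"n": n, "e": E, "d": pow(E, -1, phi)}


def wrap(session_key, server_pub, host_pub):
    """Client side: encrypt under the server key, then under the host key."""
    inner = pow(session_key, server_pub["e"], server_pub["n"])
    if inner >= host_pub["n"]:
        raise ValueError("host modulus must exceed server modulus")
    return pow(inner, host_pub["e"], host_pub["n"])


def unwrap(blob, host_key, server_key):
    """Switch side: both private keys are needed to recover the session key."""
    inner = pow(blob, host_key["d"], host_key["n"])
    return pow(inner, server_key["d"], server_key["n"])


def demo():
    host = make_key(2**31 - 1, 2**19 - 1)   # long-lived key kept in flash
    server_old = make_key(10007, 10009)     # server key in use at capture time
    session_key = 12345678
    captured = wrap(session_key, server_old, host)  # what a sniffer records
    live = unwrap(captured, host, server_old)       # normal login succeeds

    # Autogeneration interval expires (or skeygen is run): old key is replaced.
    server_new = make_key(10037, 10039)
    # A later break-in yields the host key and only the current server key.
    later = unwrap(captured, host, server_new)
    return session_key, live, later


if __name__ == "__main__":
    key, live, later = demo()
    print("live session recovers key:", live == key)
    print("after regeneration recovers key:", later == key)
```

With the interval set to 0 the server key is never replaced automatically, so the protection shown in the last step then depends on running skeygen manually.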