Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

General Network Management Commands

XSR CLI Reference Guide 1-3

crypto key dsa

ThiscommandgeneratestheDigitalSignatureAlgorithm(DSA)typehostkeypair(privateand

public)aswellasdisplaysthepublickey.AuniquesetofhostkeysarecreatedeachtimetheXSR

rebootsbutwerecommendyougenerateanewpairofhostkeyswhenyoubelievesecuritymay



becompromised.

Themasterencryptionkeyisusedtoencryptthekeysbeforebeingsavedinthehostkey.datfilein

Flash.Accesstothisfileisrestrictedanditcannotbereadorcopied.AllSSHconnectionrequests

usethehostkeysstoredinthehostkey.datfileunlessnonehavebeen

generatedorthecontentof

thefileiscorrupted.Inthosecircumstances,defaultkeysareusedtosecuretheconnection.

Additionalhostkeybehaviorisdescribedasfollows:

•IfyouhavenotgeneratedamasterencryptionkeybeforeusingSSH,theXSRwillpromptyou

withthe

crypto key master generatecommand.

•Onetothreeminuteswillelapsewhilehostkeysaregeneratedby

crypto key dsa,

dependingonthedeviceloadatthetime.

•SSHacceptsnonewconnectionsduringhostkeygeneration.

•Thecommandisignoredifstoredinthestartup‐configfile.

•Ifthemasterkeyischanged,youarenotrequiredtogenerateanewDSAkeypair.

•Ifyouremovethemasterkey,the

DSAkeypairisremovedaswell(hostkey.datisdeleted).

Syntax

crypto key dsa {generate | remove | show}

Mode

Globalconfiguration:XSR(config)#

Example

Thefollowingexamplegeneratesanewpairofkeys:

XSR(config)#crypto key dsa generate

disable

ThiscommandexitsfromPrivilegedEXECtoEXECmode.

Syntax

disable

Mode

PrivilegedEXEC:XSR#

generate

Producenewkeypairs.

remove

Deleteoldkeypair.

show

Displaypublicportionofhostkeypairs.

previous next