crypto key generate

Generates the crypto key to enable SSH.

Syntax

crypto key generate [ dsa | rsa [ modulus key-size ] ]

Command Default

A crypto key is not generated and SSH is not enabled.

Parameters

dsa

Generates the DSA host key pair.

rsa

Generates the RSA host key pair.

modulus key-size: Specifies the modulus size of the RSA key pair, in bits. The valid values for the modulus size are from 1024 through 2048. The default value is 1024.

Modes

Global configuration mode

Usage Guidelines

The dsa keyword is optional. If you do not enter the dsa keyword, the crypto key generate command generates a DSA key pair by default.

To enable SSH, you generate a DSA or RSA host key on the device. The SSH server on the Brocade device uses this host DSA or RSA key, along with a dynamically generated server DSA or RSA key pair, to negotiate a session key and encryption method with the client trying to connect to it. While the SSH listener exists at all times, sessions cannot be started from clients until a host key is generated. After a host key is generated, clients can start sessions. When a host key is generated, it is saved to the flash memory of all management modules. The time to initially generate SSH keys varies depending on the configuration, and can be from a under a minute to several minutes.

To disable SSH, you delete all of the host keys from the device. When a host key is deleted, it is deleted from the flash memory of all management modules.

Examples

The following example shows how to generate the DSA host key pair.

device(config)# crypto key generate dsa

The following example shows how to generate the RSA key pair.

device(config)# crypto key generate rsa modulus 2014

Contents