11.2.8 Changing the Host Key Pair

Because the Switch automatically generates a host key pair when the Switch starts for the first time, you do not need to generate a host key pair for SSH operation.

When you transfer the Switch to another application, we recommend that you change SSH host key pair. If you want to change SSH host key pair, run set ssh hostkey commandcommand.

Also, if you want to use a host key pair other than the default RSA 2048bit as the host key for SSHv2, run set ssh hostkey command. If you do not want to use the default RSA host key pair, remove erase ssh hostkey host key pair by running the command.

Figure 11-15: Changing the host key pairing (SSHv1 RSA and SSHv2 RSA)
> enable # set ssh hostkey WARNING!! Would you wish to generate SSHv1 RSA and SSHv2 RSA hostkeys? (y/n): y Generating public/private rsa1 key pair. The key fingerprint is: SHA256:nxeQpjv+aQOQXo6Wqg0Q9BklwosYJ7K3kkUCXgXwwBg MD5:a6:7e:c8:3c:0a:d7:ae:e8:78:58:66:8e:9e:be:e8:3a Generating public/private rsa key pair. The key fingerprint is: SHA256:fDIqAY5v/ybGewFybchsJ1r3gMCnYkGTdKJr0TwAtkc MD5:42:06:3d:06:50:3a:29:4a:2a:79:2f:3c:d4:cc:ea:48 The hostkey generation is completed. #

Figure 11-15: Changing the host key pairing (SSHv1 RSA and SSHv2 RSA)

> enable
# set ssh hostkey
 
WARNING!!
Would you wish to generate SSHv1 RSA and SSHv2 RSA hostkeys? (y/n): y
Generating public/private rsa1 key pair.
The key fingerprint is:
SHA256:nxeQpjv+aQOQXo6Wqg0Q9BklwosYJ7K3kkUCXgXwwBg
MD5:a6:7e:c8:3c:0a:d7:ae:e8:78:58:66:8e:9e:be:e8:3a
 
Generating public/private rsa key pair.
The key fingerprint is:
SHA256:fDIqAY5v/ybGewFybchsJ1r3gMCnYkGTdKJr0TwAtkc
MD5:42:06:3d:06:50:3a:29:4a:2a:79:2f:3c:d4:cc:ea:48
 
The hostkey generation is completed.
#

Figure 11-16 Creating SSHv2 ECDSA Host Key Pairs and Deleting SSHv2 DSA Host Key Pairs
> enable # set ssh hostkey ecdsa 521 WARNING!! Would you wish to generate the SSHv2 ECDSA hostkey? (y/n): y Generating public/private ecdsa key pair. The key fingerprint is: SHA256:jTz5rFJlA6oIrYrWKb6EueKvHcyCQXA1jYU1N+orgqg MD5:0c:c1:c4:8a:38:b0:46:66:2e:ff:f2:44:3c:57:88:4e The hostkey generation is completed. # erase ssh hostkey dsa WARNING!! Would you wish to erase the SSHv2 DSA hostkey? (y/n): y The hostkey was erased successfully. #

Figure 11-16 Creating SSHv2 ECDSA Host Key Pairs and Deleting SSHv2 DSA Host Key Pairs

> enable
# set ssh hostkey ecdsa 521
 
WARNING!!
Would you wish to generate the SSHv2 ECDSA hostkey? (y/n): y
Generating public/private ecdsa key pair.
The key fingerprint is:
SHA256:jTz5rFJlA6oIrYrWKb6EueKvHcyCQXA1jYU1N+orgqg
MD5:0c:c1:c4:8a:38:b0:46:66:2e:ff:f2:44:3c:57:88:4e
 
The hostkey generation is completed.
# erase ssh hostkey dsa
 
WARNING!!
Would you wish to erase the SSHv2 DSA hostkey? (y/n): y
 
The hostkey was erased successfully.
#