The dsa local-key-pair create command generates the local Digital Signature Algorithm (DSA) host key pair.
Usage Scenario
Compared with Revest-Shamir-Adleman Algorithm (RSA), the digital signature algorithm (DSA) is used more widely in SSH. According to the encryption principle of the asymmetric encryption system, the public key and the private key are generated to implement secure key exchange. This ensures the secure session process.
If a DSA key exists, before the dsa local-key-pair create command is delivered, the system will display a message for you to confirm whether you want to replace the existing DSA key. The naming format of the newly generated key pair is "Device name_Host_DSA", for example, HUAWEI_Host_DSA. The local DSA private key is saved in PKCS#8 format to the hostkey_dsa file in the system NOR FLASH.
When the command is entered, the system prompts you to enter the number of bits of the host key. The length of the host key pair can be 1024 bits and 2048 bits. By default, the length of the key pair is 2048 bits.
Precautions
The command is not saved in the configuration file. Once you run the command, you do not need to run it again after the device is restarted.
To improve security of the device, it is recommended that you use a key pair of 2048 bits.
# Create a DSA key pair on the device.
<sysname> system-view [sysname] dsa local-key-pair create Info: The key name will be:sysname_Host_DSA. Info: The key modulus can be any one of the following : 1024, 2048. Info: If the key modulus is greater than 512, it may take a few minutes. Please input the modulus [default=2048]: Info: Generating keys... Info: Succeeded in creating the DSA host keys.