ssh server publickey

Function

The ssh server publickey command enables or disables public key algorithms of the SSH server.

The undo ssh server publickey command restores public key algorithms of the SSH server to default values.

By default, the DSA, ECC, and RSA public key algorithms are enabled.

Format

ssh server publickey { dsa | ecc | rsa } ^*

undo ssh server publickey

Parameters

Parameter	Description	Value
dsa	Enables or disables DSA for the SSH server.	-
ecc	Enables or disables ECC for the SSH server.	-
rsa	Enables or disables RSA for the SSH server.	-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The command enables you to use a secure public key algorithm to log in to the server, with other public key algorithms rejected. This improves device security.

Configuration Impact

To allow a public key algorithm and deny other public key algorithms, run the ssh server publickeyspecified public key algorithm command. For example, after the ssh server publickey ecc command is run, the ECC algorithm is allowed but the DSA or RSA algorithm is not.

Precautions

The DSA and RSA algorithms are weak security public key algorithms, which are not recommended. You are advised to use the ECC public key algorithm. The public key algorithm has been set to ecc in the factory configuration file. By default, the device does not support the undo ssh server publickey command and weak security algorithms such as dsa, and rsa. To use the undo ssh server publickey command and these algorithms, install the weak security algorithm component package (product_version_WEAKEA.mod). For details, see Dynamic Loading.
If this command is run for multiple times, the last configuration takes effect.
A public key algorithm can be used for login only after it is enabled on both the client and server.
This command applies to both IPv4 and IPv6 clients.

Example

# Enable the ECC algorithm and disable other algorithms.

<sysname> system-view
[sysname] ssh server publickey ecc