2-5Follow these steps to generate a DSA or RSA key pair on the SSH server:To do… Use the command… RemarksEnter system view system-view —Generate the local DSA or RSAkey pairpublic-key local create { dsa |rsa }RequiredBy default, there is neither DSAkey pair nor RSA key pair.z For details about the public-key local create command, refer to Public Key Commands in theSecurity Volume.z To ensure that all SSH clients can log into the SSH server successfully, you are recommended togenerate both DSA and RSA key pairs on the SSH server. This is because different SSH clientsmay use different publickey algorithms, though a single client usually uses only one type ofpublickey algorithm.z The public-key local create rsa command generates two RSA key pairs: a server key pair and ahost key pair. Each of the key pairs consists of a public key and a private key. The public key in theserver key pair of the SSH server is used in SSH1 to encrypt the session key for securetransmission of the key. As SSH2 uses the DH algorithm to generate the session key on the SSHserver and client respectively, no session key transmission is required in SSH2 and the server keypair is not used.z The length of the modulus of RSA server keys and host keys must be in the range 512 to 2048 bits.Some SSH2 clients require that the length of the key modulus be at least 768 bits on the SSHserver side.z The public-key local create dsa command generates only the host key pair. SSH1 does notsupport the DSA algorithm.z The length of the modulus of DSA host keys must be in the range 512 to 2048 bits. Some SSH2clients require that the length of the key modulus be at least 768 bits on the SSH server side.Enabling SSH ServerFollow these steps to enable SSH server:To do… Use the command… RemarksEnter system view system-view —Enable the SSH server function ssh server enable RequiredDisabled by defaultConfiguring the User Interfaces for SSH ClientsAn SSH client accesses the device through a VTY user interface. Therefore, you need to configure theuser interfaces for SSH clients to allow SSH login. Note that the configuration takes effect only forclients logging in after the configuration.