The DSA or RSA key pairs are required for generating the session key and session ID in the key exchange stage, and can also be used by a client to authenticate the server. When a client tries to authenticate the server, it compares the public key that it receives from the server with the server public key that it saved locally. If the keys are consistent, the client uses the public key to authenticate the digital signature that it receives from the server. If the digital signatures are consistent, the authentication succeeds.

To support SSH clients that use different types of key pairs, generate both DSA and RSA key pairs on the SSH server.

Configuration guidelines

• SSH supports locally generated DSA and RSA key pairs with default names rather than with specified names. For more information about the commands that are used to generate keys, see Security Command Reference.
• The public-key local create rsa command generates a server key pair and a host key pair for RSA. SSH1 uses the public key in the server key pair of the SSH server to encrypt the session key before transmitting the session key. Because SSH2 uses the DH algorithm to separately generate the session key on the SSH server and the client, no session key transmission is required and thus the server key pair is not used in SSH2.
• The public-key local create dsa command generates only a host key pair. SSH1 does not support the DSA algorithm.
• The key modulus length must be less than 2048 bits when you use the public-key local create dsa command to generate the DSA key pair on the SSH server.

Configuration procedure

To generate local DSA or RSA key pairs on the SSH server:

Step                                      Command                                  Remarks
1. Enter system view.                     system-view                              N/A
2. Generate local DSA or RSA key pairs.   public-key local create { dsa | rsa }    By default, no key pairs exist. Support for the dsa keyword depends on your device model.

Enabling the SSH server function

The SSH server function on the device allows clients to communicate with the device through SSH.

The device that acts as an SSH server does not support SFTP or SCP connection initiated by an SSH1 client.

To enable the SSH server function:

Step                                      Command                                  Remarks
1. Enter system view.                     system-view                              N/A
2. Enable the SSH server function.        ssh server enable                        By default, the SSH server function is disabled.
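
The client-side check described at the start of this section, comparing the public key the server presents with the copy saved locally, is shown below as an added example that is not part of the original guide. It assumes an OpenSSH-style known_hosts line and the SSH wire format for RSA public keys; the host name, key values and function names are constructed for illustration, and the signature verification step that follows a match is not covered.

```python
import base64, hashlib, hmac

def ssh_string(data: bytes) -> bytes:
    # SSH wire format: 4-byte big-endian length, then the bytes.
    return len(data).to_bytes(4, "big") + data

def mpint(n: int) -> bytes:
    # Positive SSH mpint; the extra leading byte keeps the sign bit clear.
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def read_fields(blob: bytes) -> list:
    # Split a public key blob into length-prefixed fields, rejecting truncation.
    fields, off = [], 0
    while off < len(blob):
        size = int.from_bytes(blob[off:off + 4], "big")
        off += 4
        if off + size > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[off:off + size])
        off += size
    return fields

def fingerprint(blob: bytes) -> str:
    # OpenSSH-style SHA256 fingerprint of the raw key blob.
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def rsa_modulus_bits(blob: bytes) -> int:
    # ssh-rsa blob layout: "ssh-rsa", public exponent e, modulus n.
    key_type, _e, n = read_fields(blob)
    if key_type != b"ssh-rsa":
        raise ValueError("not an RSA host key")
    return int.from_bytes(n, "big").bit_length()

def check_host_key(host: str, presented: bytes, known_hosts: str) -> str:
    # Compare the key the server presented with the locally saved one.
    key_type = read_fields(presented)[0].decode()
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == host and parts[1] == key_type:
            saved = base64.b64decode(parts[2])
            return "match" if hmac.compare_digest(saved, presented) else "mismatch"
    return "unknown"

# Constructed sample data: structurally valid blobs, not real keys.
def make_rsa_blob(n: int, e: int = 65537) -> bytes:
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)
PINNED_BLOB = make_rsa_blob((1 << 2047) | 0x1234567)
OTHER_BLOB = make_rsa_blob((1 << 2047) | 0x89ABCDF)
KNOWN_HOSTS = "switch.example ssh-rsa " + base64.b64encode(PINNED_BLOB).decode() + "\n"
```

A "mismatch" result is the case to alert on: it is what a client sees after the server's host key pair has been regenerated, and also what it sees when another endpoint answers for that address.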