Web OS 10.0 Application GuideChapter 5: Secure Switch Management n 109212777-A, February 2002RSA Host and Server KeysTo support the SSH server feature, two sets of RSA keys (host and server keys) are required.The host key is 1024 bits and is used to identify the Web switch. The server key is 768 bits andis used to make it impossible to decipher a captured session by breaking into the Web switch ata later time.When the SSH server is first enabled and applied, the switch will automatically generate thehost and server keys and will then store them into the FLASH memory.N OTE – The Web switch will perform only one session of key/cipher generation at a time.Thus, an SSH/SCP client will not be able to log in if the switch is performing key generation atthat time, or if another client has logged in immediately prior. Also, key generation will fail ifan SSH/SCP client is logging in at that time. To generate a host key: To generate a server key:Again, the host and server key are automatically stored in FLASH memory when generated.N OTE – For security reasons, the SSHD menu options are available via the console port onlyand not via Telnet, SNMP, or the Browser-Based Interface (BBI).When the switch reboots, it will retrieve the host and server keys from the FLASH memory. Ifthese two keys are not available in the flash and if the SSH server feature is enabled, the switchwill automatically generate them during the system reboot.The switch can also automatically regenerate the RSA server key. To set the interval of RSAserver key autogeneration, use this command:where the number of hours must range between 0–24, and a value of 0 denotes that RSA serverkey autogeneration is disabled. When greater than 0, the switch will autogenerate the RSAserver key every specified interval; however, RSA server key generation will be skipped if theswitch is busy doing other key or cipher generation when the timer expires.>> # /cfg/sys/sshd/hkeygen>> # /cfg/sys/sshd/skeygen>> # /cfg/sys/sshd/intrval