No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
rsa local-key-pair create

rsa local-key-pair create


The rsa local-key-pair create command generates the local RSA host and server key pairs.

By default, the local RSA host and server key pairs are not configured.


rsa local-key-pair create




System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To implement secure data exchange between the server and client, run this command to generate a local key pair.


If the RSA key pair exists, the system prompts you to confirm whether to replace the original key pair.

After you run this command, the system prompts you to enter the number of bits in the host key. The difference between the bits in the server and host key pairs must be at least 128 bits. For a server or host key pair, the minimum length is 512 bits, the maximum length is 2048 bits, and the default length is 2048 bits.


Because a longer key pair provides higher security, you are advised to use key pairs of the largest length.

To successfully log in to the SSH server, a local RSA key pair must be configured and generated. Before performing other SSH configurations, you must use the rsa local-key-pair create command to generate a local key pair.

If no local key pair is configured when you log in to the device through SSH, the system automatically generates a local key pair. To ensure that this local key pair is not changed after the system restarts, run the save command to save the configuration file. Otherwise, the system generates a new local key pair after it restarts. You need to use the new local key pair to log in to the device through SSH.

After you run this command, the generated key pair is saved in the device and will not be lost after the device restarts.

This command is not saved in a configuration file.


# Generate the local RSA host and server key pairs.

<Huawei> system-view
[Huawei] rsa local-key-pair create
The key name will be: Host
RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is less than 2048,
       It will introduce potential security risks.
Input the bits in the modulus[default = 2048]:2048
Generating keys...
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 90892

Downloads: 124

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next