This is however partially possible, we have two key pairs for any SSH connection Host keys (firewall public and private key)User keys (client public and private key).
It is possible to use user keys with length 2048 bits, but the host keys are generated automatically by firewall and its length could not be changed.
The process that needs to be followed is as follows :- Binding a PKA key to administrator To prepare for PKA, you must first perform the following tasks:
1. On the SSH client, generate a public and private key pair using a key generation program. (The key pair is either RSA for SSHv1 or DSA for SSHv2. See the SSH client application documentation for more information.)
NOTE: If you want to use PKA for automated logins, you must also load an agent on the SSH client to decrypt the private key component of the PKA public/private key pair and hold the decrypted version of the private key in memory.
2. Move the public key from the local SSH directory to a directory on your TFTP server, and launch the TFTP program.
3. To load the public key from the TFTP server to the device, enter one of the following CLI commands: For SSHv1: # exec ssh tftp pka-rsa user-name <name_str> file-name<name_str> ip-addr tftp_ip_addr For SSHv2: # exec ssh tftp pka-dsa user-name <name_str> file-name<name_str> ip-addr tftp_ip_addr
4. Bind the PKA key, a public key to the administrative account of the administrator that who processes the associated private key. The following CLI commands can be used to bind the PKA key to an administrators account:
# set ssh pka-dsa key pka-key # set ssh pka-dsa user-name login-id key pka-key
The user-name option is only available to the root admin, so that only the root admin can bind to another admin. When you--as the root admin or as a read/write admin--enter the command without a username, the device binds the PKA certificate to your own admin account; that is, it binds the certificate to the admin who enters the command.
NOTE: The security device supports up to four PKA public keys per admin user.