Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
393
Views
1
Helpful
3
Replies

SSH Server Public Key Too Small Vulnerability on DNAC

sujanyakj
Spotlight
Spotlight

‎01-11-2024 01:47 AM

Any suggestion on fixing the above VA in DNAC or how to check the existing SSH public key length in DNAC 

 

Labels:
0 Helpful
3 Replies 3

Torbjørn
Spotlight
Spotlight

‎01-11-2024 02:46 AM - edited ‎01-24-2024 02:59 AM

The following command should output the DNAC SSH server public key length:

ssh-keyscan -t rsa -p 2222 {your dnac ip} | ssh-keygen -lf -

I don't believe there is any feasible(or supported) way to replace this.

EDIT: You should either run this in privileged shell(execute "_shell" on DNAC > 2.3.5.X), or on a linux/BSD/MacOS machine that can reach your DNAC.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

sujanyakj
Spotlight
Spotlight
In response to Torbjørn

‎01-11-2024 03:46 AM

Okay is this command is depends on the DNAC version , we are running DNAC with 2.3.3.7 

0 Helpful

Torbjørn
Spotlight
Spotlight
In response to sujanyakj

‎01-24-2024 03:01 AM

Sorry @sujanyakj, I forgot to specify how you should run the commands. Please see my updated reply above.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
0 Helpful
Customers Also Viewed These Support Documents