07-14-2014 12:46 AM - edited 03-10-2019 09:52 PM
Hello guys,
I've been struggling with this matter for a few hours and I cannot see a way out.
The idea is to check the identity of a Cisco router through its RSA fingerprint during an SSH connection.
I've done the following steps:
1) Configuring the keys on the Cisco router
# Erasing existing non-exportable RSA keys
crypto key zeroize rsa
# Generating exportable RSA keys
crypto key generate rsa exportable general-keys label <rsa-keys-label> modulus <key-length>
# Exporting RSA public and private keys into PEM format before fingerprinting them
crypto key export rsa <rsa-keys-label> pem terminal 3des <Passphrase-used-to-protect-the-private-key>
2) SSHing from a Linux host to the router
$ ssh root@192.168.127.254
The authenticity of host '192.168.127.254 (192.168.127.254)' can't be established.
RSA key fingerprint is 90:b5:de:97:7a:1f:ca:23:ba:30:7a:0b:d0:47:2c:0e.
Are you sure you want to continue connecting (yes/no)?
3) Verifying the RSA key fingerprint of the router
# Using ssh-keygen on the Linux host with the router public key
$ ssh-keygen -l -f ssh_router_rsa_key.pub
ssh_router_rsa_key.pub is not a public key file.
# Using Linux "Passwords and keys" GUI application with the router private key
cf. attachment.
As you can see, the fingerprint is completely different.
Any suggestions?
07-14-2014 11:42 AM
This issue turned out to be a file format incompatibility with the Linux command "ssh-keygen".
The solution is described here.