Checking the Identity of a Router with its RSA Key Fingerprint

Hello guys,

I've been struggling with this matter for a few hours and I cannot see a way out.

The idea is to check the identity of a Cisco router through its RSA fingerprint during an SSH connection.

I've done the following steps:

 

1) Configuring the keys on the Cisco router

# Erasing existing non-exportable RSA keys

crypto key zeroize rsa

 

# Generating exportable RSA keys

crypto key generate rsa exportable general-keys label <rsa-keys-label> modulus <key-length>

 

# Exporting RSA public and private keys into PEM format before fingerprinting them

crypto key export rsa <rsa-keys-label> pem terminal 3des <Passphrase-used-to-protect-the-private-key>

 

2) SSHing from a Linux host to the router

$ ssh root@192.168.127.254

The authenticity of host '192.168.127.254 (192.168.127.254)' can't be established.

RSA key fingerprint is 90:b5:de:97:7a:1f:ca:23:ba:30:7a:0b:d0:47:2c:0e.

Are you sure you want to continue connecting (yes/no)?

 

3) Verifying the RSA key fingerprint of the router

# Using ssh-keygen on the Linux host with the router public key

$ ssh-keygen -l -f ssh_router_rsa_key.pub

ssh_router_rsa_key.pub is not a public key file.

 

# Using Linux "Passwords and keys" GUI application with the router private key

cf. attachment.

As you can see, the fingerprint is completely different.

Any suggestion?

1 REPLY

This issue turned out to be a file format incompatibility with the Linux command "ssh-keygen".

The solution is described here.
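
Added illustration, not part of the original thread or of the linked solution: the fingerprint an SSH client prints is a hash of the key in SSH wire format (the string "ssh-rsa", then e, then n), not of the PEM file. The Python below assumes the router's exported public key is a `-----BEGIN PUBLIC KEY-----` (SubjectPublicKeyInfo) block, rebuilds the SSH key blob from it and computes the fingerprints; the toy key and all function names are constructed for this example.

```python
import base64, hashlib, struct

def der_tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length, used by real 1024/2048-bit keys
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return buf[pos:pos + length], pos + length

def pem_to_rsa_numbers(pem):
    """Return (e, n) from a '-----BEGIN PUBLIC KEY-----' PEM block."""
    lines = [l.strip() for l in pem.strip().splitlines()]
    der = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
    spki, _ = der_tlv(der, 0, 0x30)      # SEQUENCE { AlgorithmIdentifier, BIT STRING }
    _, pos = der_tlv(spki, 0, 0x30)      # skip AlgorithmIdentifier (rsaEncryption)
    bits, _ = der_tlv(spki, pos, 0x03)   # BIT STRING wrapping RSAPublicKey
    rsa, _ = der_tlv(bits[1:], 0, 0x30)  # drop the unused-bits octet
    n_raw, pos = der_tlv(rsa, 0, 0x02)
    e_raw, _ = der_tlv(rsa, pos, 0x02)
    return int.from_bytes(e_raw, "big"), int.from_bytes(n_raw, "big")

def mpint(x):
    """RFC 4251 mpint: length-prefixed big-endian, 0x00 pad if the top bit is set."""
    raw = x.to_bytes(x.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def ssh_rsa_blob(e, n):
    """The key blob SSH hashes: string 'ssh-rsa', mpint e, mpint n."""
    return struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)

def fingerprints(blob):
    """Return (legacy MD5 colon-hex, 'SHA256:' base64) as ssh clients print them."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

# Constructed toy key (16-bit modulus 0xD1B3, e = 65537), not a real router key.
SAMPLE_DER = bytes.fromhex(
    "301e300d06092a864886f70d0101010500030d00300a020300d1b30203010001")
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    blob = ssh_rsa_blob(*pem_to_rsa_numbers(SAMPLE_PEM))
    print("ssh-rsa", base64.b64encode(blob).decode(), "router")  # OpenSSH .pub line
    print(*fingerprints(blob), sep="\n")
```

The first printed line is in the one-line OpenSSH public key format; the MD5 value is in the same colon-separated form as the fingerprint shown in the SSH prompt above.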
