SSH RSA Login on Cisco Router

steffen.buehnemann · ‎02-13-2012

Hi @ all,

how can I import a public or private key in a router?
For example, a Cisco 3560th
I have found some conflicting answers @ cisco.com .
Background, I would like to login with PUTTY via ssh on a Cisco Router but without username and password.

The login should be made with RSA Keys.
For this I need to deposit on the IOS device's the public key and on my Client the private key.
For this I've already created with PuTTYGen the two keys. The private is in the ppk format.
I still need to convert this into a different format? Since there are PEM and PKCS.

Below you can see what times I have entered. With the error message: "CRYPTO_PKI: Import PKCS12 operation failed, failure status = 0x705"
With the following error message I can do anything

Can an yone of yo u he lp?

steffen.buehnemann · ‎02-13-2012

CAN ANYONE HELP ME???

steffen.buehnemann · ‎04-18-2012

I have now solved the issue itself...

The important one is the RSA keys as "PKCS # 12" or "PEM" format created.

I've used this program XCA: http://www.heise.de/download/xca-1114273.html

There you can create the keys, with key length of 10248, 2048 bit or 4096, then you have the

Exporting keys individually as private & public in "PEM" format. Afterwards you will be the passphrase

Awarded for the private key.

Here is an example of the syntax switches:

Switch(config)#crypto key import rsa {RSA Key Label} pem url flash: {Passphrase}

% Importing public General Purpose key or certificate PEM file...

Source filename [XCA.pub]? publicKey.pem

Reading file from flash:publicKey.pem

% Importing private General Purpose key PEM file...

Source filename [XCA.prv]? privateKey.pem

Reading file from flash:privateKey.pem

*Mar 10 19:58:12.439: %SSH-5-ENABLED: SSH 1.99 has been enabled

% Key pair import succeeded.

You necessarily didn`t copy the keys into the Flash, it is enough even if they are rolled out from the TFTP.

Then the whole thing should work .