Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4003
Views
2
Helpful
2
Replies

How can I change the RSA Crypto Key from 2048 to 1024?

rgaspar@setrys.com
Level 1
Level 1

‎07-21-2021 07:05 AM - edited ‎07-21-2021 07:11 AM

How can I change the RSA Crypto Key from 2048 to 1024?
Cisco ISR 4321

Version 17.03.03

 

If I use the command crypto key zeroize rsa and then crypto key generate rsa modulus 1024 it keeps appearing in the show ip ssh:

Minimum expected Diffie Hellman key size: 2048 bits

 

How can I change this to accept a DH Key Size of 1024?

1 person had this problem
Labels:
2 Replies 2

marce1000
VIP
VIP

‎07-21-2021 10:13 AM

 

 - Usually this facility is no longer possible and becomes abandoned as software evolves with stronger security, may work on older release which of course has drawbacks.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

ngkin2010
Level 7
Level 7

‎08-01-2021 08:35 AM - edited ‎08-01-2021 08:42 AM

Hi,

 

Check whether your firmware version allow you to set 1024 or not. The crypto key generate rsa mod 1024 affect the module size, but won't affect the DH key size.

 

(config)# ip ssh dh min size ?
 2048 Diffie Group 14 2048-bit key
 4096 Diffie Group 16 4096-bit key

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents