07-21-2021 07:05 AM - edited 07-21-2021 07:11 AM
How can I change the RSA Crypto Key from 2048 to 1024?
Cisco ISR 4321
Version 17.03.03
If I use the command crypto key zeroize rsa and then crypto key generate rsa modulus 1024 it keeps appearing in the show ip ssh:
Minimum expected Diffie Hellman key size: 2048 bits
How can I change this to accept a DH Key Size of 1024?
07-21-2021 10:13 AM
- Usually this facility is no longer possible and becomes abandoned as software evolves with stronger security, may work on older release which of course has drawbacks.
M.
08-01-2021 08:35 AM - edited 08-01-2021 08:42 AM
Hi,
Check whether your firmware version allow you to set 1024 or not. The crypto key generate rsa mod 1024 affect the module size, but won't affect the DH key size.
(config)# ip ssh dh min size ?
2048 Diffie Group 14 2048-bit key
4096 Diffie Group 16 4096-bit key
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide