Solved: Adding NTP and RSA Key

johnlloyd_13 · ‎04-05-2017

hi,

just out of the blue question.

i'm going to add NTP server to some of our ASA that's running proxy phone, s2s VPNs services.

my question is, does adding NTP will 'break' any of the said services (or other services that i'm not aware of)?

is it a safe command to run/add?

also just another question, does generating a new 2048 rsa keys will 'break' the services (SSH, or other services i'm aware of) that's currently using the 'Default-RSA-Key'?

ciscoasa(config)# crypto key generate rsa general-keys modulus 2048
WARNING: You have a RSA keypair already defined named <Default-RSA-Key>.

Do you really want to replace them? [yes/no]: y

Marvin Rhoads · ‎04-05-2017

Both are a good idea in general and shouldn't "break" any existing services.

After adding your 2048-bit rsa key, any system that is used to login via ssh will need to accept the new key the first time.

I suppose one could posit an automated system that has no end user under normal circumstances failing to connect but that's a pretty uncommon situation for most shops.

View solution in original post

Marvin Rhoads · ‎04-05-2017

Both are a good idea in general and shouldn't "break" any existing services.

After adding your 2048-bit rsa key, any system that is used to login via ssh will need to accept the new key the first time.

I suppose one could posit an automated system that has no end user under normal circumstances failing to connect but that's a pretty uncommon situation for most shops.

johnlloyd_13 · ‎04-05-2017

thanks marvin!