01-13-2019 08:26 AM - edited 02-21-2020 08:39 AM
Hello,
I am trying to review back my ssh config.
I tried to generate a set of crypto keys using a different label (not default)
#crypto key generate rsa label ADE modulus 1024 noconfirm
ssh doesnt seem to work until I use
#crypto key generate rsa general-keys modulus 1024 noconfirm
Can some help me confirm this assertion
01-13-2019 09:37 AM
01-13-2019 11:07 AM - edited 01-13-2019 11:11 AM
just to add more what @Mohammed al Baqari said.
Before starting the enrollment process via the CLI, you must generate the RSA key pair with Crypto key generate rsa command.
To generate the keys, you must first configure a hostname and the domain name.
!
domain-name secure-x.local
crypto key gen rsa mod 1024
!
to verify your key you need show crypto key mypubkey rsa
!
crypto ca trustpoint CISCO
!
enrlloment url http://x.x.x.x/certsrv
fqdn secure-x.local
exit
!
crypto ca authenticate CISCO noconfirm
!
crypto ca enroll CISCO
!
so this above paragraph is for only if you installing certificate using the CLI.
--------------------------------------------------------------------------------
other way for SSH could be used as,
!
crypto key gen rsa
!
show crypto key mypuubkey rsa
!
ssh x.x.x.x x.x.x.x management
!
for SSH connection there is no default username or/and password. you must have to configure the aaa authentication ssh console command to enable aaa authentication.
!
show ssh session
ssh disconnect
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide