Firepower Management Center Backup SSH Keypair

goraprhelmad
Level 1

Hi,

We store our backups on remote storage via SFTP. It's possible to do this with SSH public/private keys. By default, the FMC uses the ssh-rsa key for root@firepower, which is stored in /etc/ssh on the filesystem. The remote server doesn't accept RSA keypairs anymore. How can I change this so that the FMCv uses the ed25519 or ecdsa keypair, which is also in /etc/ssh?

Thx in advance.

1 Reply

vishalbhandari
Spotlight

You can’t directly change the key type used by FMC’s backup process through the GUI or CLI. The FMC backup function is hardcoded to use the default ssh-rsa key for root@firepower. Since your remote SFTP server no longer accepts RSA, the practical solution is to either:

  1. Re-enable RSA temporarily on the SFTP server (if possible), or

  2. Use an intermediate SFTP host that accepts RSA from FMC and forwards via ED25519/ECDSA, or

  3. Open a TAC case to request an enhancement or verified workaround from Cisco, since manually modifying /etc/ssh or the backup script is unsupported and may break after upgrades.
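Before choosing option 1, it helps to know whether the SFTP server rejects RSA keys altogether or only the legacy `ssh-rsa` (SHA-1) signature algorithm. The script below is an added example, not part of the original posts or of any Cisco tooling; it assumes the remote server runs OpenSSH, and the function name `rsa_policy` and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which RSA signature algorithms an OpenSSH server
# accepts for public-key login, from `sshd -T` output read on stdin.
# Assumption: the remote SFTP server runs OpenSSH.

rsa_policy() {
    # sshd -T prints lower-cased keywords. Newer releases name the option
    # pubkeyacceptedalgorithms, older ones pubkeyacceptedkeytypes.
    algs=$(awk '$1 == "pubkeyacceptedalgorithms" ||
                $1 == "pubkeyacceptedkeytypes" { print $2; exit }')
    if [ -z "$algs" ]; then
        echo "unknown"
        return 0
    fi
    sha1=no
    sha2=no
    old_ifs=$IFS
    IFS=,
    for a in $algs; do
        case $a in
            ssh-rsa) sha1=yes ;;                    # RSA key, SHA-1 signature
            rsa-sha2-256|rsa-sha2-512) sha2=yes ;;  # same RSA key, SHA-2 signature
        esac
    done
    IFS=$old_ifs
    case "$sha1/$sha2" in
        yes/yes) echo "rsa-sha1-and-sha2" ;;
        no/yes)  echo "rsa-sha2-only" ;;
        yes/no)  echo "rsa-sha1-only" ;;
        *)       echo "rsa-disabled" ;;
    esac
}

# Constructed samples of `sshd -T` output (not taken from a real server).
SAMPLE_SHA2_ONLY='port 22
pubkeyacceptedalgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256
passwordauthentication no'
SAMPLE_NO_RSA='port 22
pubkeyacceptedalgorithms ssh-ed25519,ecdsa-sha2-nistp256'

printf '%s\n' "$SAMPLE_SHA2_ONLY" | rsa_policy
printf '%s\n' "$SAMPLE_NO_RSA" | rsa_policy
```

On the SFTP server, pipe the real `sshd -T` output into `rsa_policy`. A result of `rsa-sha2-only` means RSA keys are still accepted but the legacy `ssh-rsa` signature is not, while `rsa-disabled` means no RSA algorithm is listed at all.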
