08-03-2018 02:05 PM - edited 03-03-2019 08:52 AM
Why is the rsa key not showing on the 7k unless it is created with a label?
sh cry key mypubkey rsa
08-06-2018 12:49 AM
Hello,
I see a different behavior:
### Clear the previous keypair N7K(config)# crypto key zeroize rsa N7K ### Show keypairs - no keypairs present N7K(config)# show crypto key mypubkey rsa ### Generate a keypair without an explicit label N7K(config)# crypto key generate rsa ### Check the keypairs again - it's there now N7K(config)# show crypto key mypubkey rsa key label: N7K key size: 512 exportable: no key-pair already generated ### Repeat the key generation without label - got an error since it exists N7K(config)# crypto key generate rsa specified RSA key-pair generated already could not perform rsa key generation
I've tested this on a 7.2(2)D1(2). Do you see a different behavior on your N7K switch?
Best regards,
Peter
08-08-2018 01:03 PM
You are right Peter, the 'cry key gen rsa' does not override the previous generated key. So in order to regenerate a new default key one must delete the existing key first. Even adding a key size of 2048 will not override or create a new key that was 512 bit size. That is why it works when a label is added, as it creates a new key.
In IOS the CLI is prompting that the key is getting replaced. IMHO I don't like the 7k behavior which should be consistent across all platforms.
Uwe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide