
7k crypto key not showing unless a label is used

ukleinhe66
Level 1

Why is the RSA key not showing on the 7k unless it is created with a label?

sh cry key mypubkey rsa


Peter Paluch
Cisco Employee

Hello,

I see a different behavior:

### Clear the previous keypair
N7K(config)# crypto key zeroize rsa N7K

### Show keypairs - no keypairs present
N7K(config)# show crypto key mypubkey rsa

### Generate a keypair without an explicit label
N7K(config)# crypto key generate rsa

### Check the keypairs again - it's there now
N7K(config)# show crypto key mypubkey rsa
key label: N7K
key size: 512
exportable: no
key-pair already generated

### Repeat the key generation without label - got an error since it exists
N7K(config)# crypto key generate rsa
specified RSA key-pair generated already
could not perform rsa key generation

I've tested this on a 7.2(2)D1(2). Do you see a different behavior on your N7K switch?

Best regards,
Peter

You are right, Peter: 'cry key gen rsa' does not override the previously generated key. So in order to regenerate a new default key, one must delete the existing key first. Even adding a key size of 2048 will not override the existing 512-bit key or create a new one. That is why it works when a label is added, as it creates a new key.

In IOS, the CLI prompts that the key is getting replaced. IMHO, I don't like the 7k behavior, which should be consistent across all platforms.

Uwe
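
Added example, not part of the thread: a small Python audit helper that parses `show crypto key mypubkey rsa` output in the layout Peter quoted, flags key-pairs below a minimum size, and emits the zeroize-then-generate sequence the thread concludes is required. Assumptions: multiple key-pairs appear as repeated blocks in the same layout, the 2048-bit minimum is a chosen policy threshold, the `mgmt-2048` key-pair is constructed, and the `label` and `modulus` keywords are standard NX-OS syntax that the thread itself does not show.

```python
import re

MIN_BITS = 2048  # assumed policy threshold, not a value from the thread

# Constructed sample: the first block is the output quoted in the thread,
# the second is a hypothetical labelled key-pair in the same layout.
SAMPLE = """\
key label: N7K
key size: 512
exportable: no
key-pair already generated

key label: mgmt-2048
key size: 2048
exportable: yes
key-pair already generated
"""

FIELD = re.compile(r"^\s*(key label|key size|exportable)\s*:\s*(.+?)\s*$", re.I)

def parse_keypairs(text):
    """Return one dict per key-pair found in the show output."""
    keys, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # status lines such as "key-pair already generated"
        name, value = m.group(1).lower(), m.group(2)
        if name == "key label":
            current = {"label": value, "bits": None, "exportable": None}
            keys.append(current)
        elif current is not None:
            if name == "key size":
                current["bits"] = int(value)
            else:
                current["exportable"] = value.lower() == "yes"
    return keys

def remediation(keys, min_bits=MIN_BITS):
    """Commands to replace undersized keys. Zeroize comes first because
    generate alone does not overwrite an existing key-pair on the N7K."""
    cmds = []
    for k in keys:
        if k["bits"] is not None and k["bits"] < min_bits:
            cmds.append(f"crypto key zeroize rsa {k['label']}")
            cmds.append(f"crypto key generate rsa label {k['label']} modulus {min_bits}")
    return cmds

if __name__ == "__main__":
    print("\n".join(remediation(parse_keypairs(SAMPLE))))
```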