Check for the existence and length of RSA Keys

sbyrnes
Level 1

Hello,

I have a network with several hundred routers and I need to lock all my devices down to use SSHv2 only.

I have tools which will allow me to interact with the IOS CLI in a scripted fashion but I just need to know, are there commands I can use to easily check for the existence of and length of RSA keys which may already have been generated on my routers?

TIA!

--Steve

3 Replies

Jon Marshall
Hall of Fame

Steve

This command will show all RSA keys generated on the router -

http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_s1g.html#wp1100280

Jon

(deleted)

Thank you very much, Jon, for your reply.

I am aware of the command you referenced and I imagine there is a way to calculate the key length from the displayed key data (e.g. the number of characters displayed will tell you whether the key was generated with a modulus of 512, 768, 1024, etc).

However, I am hoping there is a more succinct way to check for the existence and length (modulus) of all existing keys on a router (something more like a "summary" view or maybe even a MIB variable).

TIA again for any additional recommendations!

--Steve
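
Added example, not part of the thread and not Cisco code: one way to derive the modulus length from the displayed key data, as the reply above suggests, when a script has already captured the text of `show crypto key mypubkey rsa`. It assumes the Key Data hex is a DER-encoded SubjectPublicKeyInfo; the function names, the `min_bits` threshold parameter and the sample output are constructed for illustration.

```python
import re

# Constructed sample in the layout of "show crypto key mypubkey rsa" output;
# the key name, timestamp and modulus bytes are made up for this example.
SAMPLE = """\
% Key pair was generated at: 10:15:02 UTC Mar 1 2009
Key name: rtr1.example.net
 Usage: General Purpose Key
 Key Data:
  305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C1A2B3 C4D5E6F7
  01234567 89ABCDEF 10325476 98BADCFE 0F1E2D3C 4B5A6978 8796A5B4 C3D2E1F0
  11223344 55667788 99AABBCC DDEEFF00 13579BDF 2468ACE1 9D020301 0001
"""

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def modulus_bits(der):
    """Bit length of the RSA modulus in a DER SubjectPublicKeyInfo (assumed encoding)."""
    _, p, _ = read_tlv(der, 0)          # outer SEQUENCE
    _, _, p = read_tlv(der, p)          # step over AlgorithmIdentifier
    tag, p, _ = read_tlv(der, p)        # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, p, _ = read_tlv(der, p + 1)      # skip unused-bits byte, enter inner SEQUENCE
    tag, start, end = read_tlv(der, p)  # first INTEGER is the modulus
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(der[start:end], "big").bit_length()

def audit_keys(show_output, min_bits):
    """Return [(key_name, usage, bits, meets_minimum)] for every key listed."""
    results = []
    for block in re.split(r"(?m)^(?=Key name:)", show_output):
        name = re.search(r"^Key name:\s*(\S+)", block, re.M)
        if not name:
            continue  # text before the first key, e.g. the timestamp line
        usage = re.search(r"^[ \t]*Usage:[ \t]*(.+?)[ \t]*$", block, re.M)
        rows = re.findall(r"^[ \t]+([0-9A-Fa-f]+(?:[ \t]+[0-9A-Fa-f]+)*)[ \t]*$", block, re.M)
        bits = modulus_bits(bytes.fromhex("".join("".join(rows).split())))
        results.append((name.group(1), usage.group(1) if usage else "", bits, bits >= min_bits))
    return results

if __name__ == "__main__":
    for row in audit_keys(SAMPLE, min_bits=1024):
        print(row)
```

An empty result list means the output contained no key pair, which answers the existence check for that router.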
