Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6189
Views
1
Helpful
3
Replies

Import RSA Keys for SSH

hclisschennai
Level 1
Level 1

‎12-11-2008 11:57 PM - edited ‎03-04-2019 12:40 AM

Hi

I have the router configured for SSH and it is working good. I know how to configure SSH in router using crypto command. The new requirement araised now.

My organisation has created a pair of key - PULIC KEY & PRIVATE KEY common to the company using some mechanism. The idea is the PUBLIC KEY will be installed in the devices like Unix, Linux Servers. so the staff who is owing the PRIVATE KEY is only be allowed to access the device.

I am trying to add / install / import the PUBLIC KEY into the Router in similar fashion. But i am not getting clue how to go ahead. Please guide me how to import the PUBLIC KEY into the Router, so that who ever is having the PRIVATE KEY is only allowed to login to the device.

Can anybody help me how to achieve this

Labels:
0 Helpful
3 Replies 3

lejoe.thomas
Level 3
Level 3

‎12-12-2008 02:36 AM

Hi,

There is an option to import keys in PEM-Formatted Files and PKCS12 Files

Hope the documentation helps

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_deploy_RSA_piki_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1055433

Lejoe

0 Helpful

hclisschennai
Level 1
Level 1
In response to lejoe.thomas

‎12-12-2008 03:54 AM

Hi Lejoe.

Thankyou for your response. I appreciate.

I will follow this and revert if any more clarification is required

0 Helpful

gowrao
Cisco Employee
Cisco Employee
In response to hclisschennai

‎04-29-2020 06:40 AM

Hi All, 

 

Recently I came across one customer and my customer wanted me to show the steps. I did it in my lab environment, you can go through the below.  It might be useful. 

 

 

  1. Configure RSA key as exportable.

 

C2911-2(config)#crypto key generate rsa label test exportable modulus 2046

The name for the keys will be: test

 

% The key modulus size is 2046 bits

% Generating 2046 bit RSA keys, keys will be exportable...

[OK] (elapsed time was 5 seconds)

 

  1. Export the key and save it offline

 

C2911-2(config)#crypto key export rsa test pem terminal  3des cisco123456

 

% Key name: test

   Usage: General Purpose Key

   Key data:

-----BEGIN PUBLIC KEY-----

MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQAvnyD4fBiBA2/1UoPzoJmQ

IWqVKgTvv9Uj4ITo5s9h6//L0Zv7n9sKaXduMKyjVT0ge/ZjInskqmuYTZT3V88S

xELlmF0Sq3+SvW1n9OV84vhh6FZXwKnAvIxuJdnjrhg9If9FPjcLScOyKUYsNn7d

7Aev2yv/GkAAN1hxqp515PawUvSyxktOROxjS0fU/bBOAmC33XwFZv54GczegkBn

T+BoQCJO+IqA4HHwNQRayiRGfX46jtnNlEvxKUkVbImDc0l6Tkh6aXoPQ2cAznbw

OQ+esj5bXsSI/tNVPZufNZtzpcCS3bUwRF747zOXSvh825KhrOQ0P+0nzw9fs4mp

AgMBAAE=

-----END PUBLIC KEY-----

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED

DEK-Info: DES-EDE3-CBC,47D4C87916A56404

 

X6yL+4URupwu40Sy59MvU6i7KsiOLJzzwHx9r07gk+vxiuAoWgFIQSCw1ReogiCD

C6USbP/JhAMmFwBSQlrHH2OF50q3BpzjqXAT0Kd0zVuK7R9DunHSYYck6BNMsaIt

lVrZzYKQMOggCQ9mrfHTqGI6hB+vqCgxq8oBJVJE4qJ+4DV3lqKiQsEu8nR/4KCR

Jz/nXsMJHrEscJOy+SACJLXU7CzTI+RM4OyuP2UzhqSNfN0a2622FEJI2pGOqcuk

itHS6ayIFr9qnANti4SuGCc0d6ZVZPtbzTlBCmRz0TfqkeMkDg+X/2VvdizW0Z9e

drdEpPFDELhkmJe6aPK4Wx/CeAUIy1jhuReAovktQYxL7X9/a3+H1KArVM3ANzMi

JfJctj9cSQqnNbjiGCXykhdUmfnhig9F6dSEZhkMk8JiPM0bZwIsJeSCyDqliK5U

fO8xpvGKepy783E3kLtihJ+EKEkQN0YWFfp9jIUO7jZp3d0ooeS3qpH91420Tqub

hx8dAdZgxpAlHeKGDG5W1+JoMDsE/EiwqM62QM34jLO0sUGYBQm/P3PdCY9pTiSs

hrouY/ND+Krlp3q2j/XyINy10mIdOQqcSJMTbyjmaLgsOl3fIjsY1uDhqPGoUicF

RCeGUujFpnVMiHA2VqA9KGKVpLQVtaaAMgv3QBhtmM9ndgbw1JQDH7wPI/ZYfaB3

UehoA7fr3RakCFn6C9o3820UUYSmNtHAFT1U+Ro9ALMNtqXKkak+APdx+8Lh2KSD

2oVVX051/HXXGD+hp7E6l3RWWigZgWbrDQCiyqlYEsKzYf94Al1rY4Wi55SOmxh5

pWu7djps8GssjBKI8kGTOWlXEI47JcoM5wmU98yR0yPWwhe0NvBQKaM1JJMJNQcE

3Nu3L4XjbpygfGG2/LRvnF0eCHiCxPOHyrQDuw+WtrLQSgw032wdOgdsp2/G9UcO

FgsxSElaX7GIVrT+dZ8Cu6ik7mmPZfWq/Va6iYMGW/EsQMOMv0BHVa2KM0/zzADi

MLKRItUMtxBOFrhiKb9lXiVMsetVP3N5yT/5SuAfejb4BsYNKiERGcwuvhkSR/Ic

bgNr+E1TwtAFOdYRA7yXON/cbZPUgqsUPv62HmrCRxm5DkuQKWxr4vWRkgbkGeEK

wjcGBDWb1Jz+mck7x4bVSU57Gtek7w425cnoo6V08gg0h6yI3180kBMQLIzbGlwA

v9wzc5UNBA85zlPSy+V5iXXT5Vgdm1l9auOj3alZQgnwVgE4H6DqKBVVFO8nX+Ke

6EHuOiDZy0X1QAtIp4dP0Ne55ZhjHB51/Bh8LX4Y1ylwOXDAOvvwE5dN33BS1YOb

66Oujmp0SpNwHIoScHy7WUMcupYBFQ74y3wtrBzidxUG/h+r756Mcsl9FkWelkrI

B7ZV5D4yItB51/Oa+t5qCBt2YuBtbIYAp6XulaY7Ciep9bzGZmOYpKGVjQOZQhva

NIL86qByvNlzMNFREV71AycOL+hn41UQxPF71wikrOWoy1zFKOCUCuCYaTaNXp8q

XYNeYJ3ynMjaWik7pciA+9aQ8mpev5M1rEGHX5uHekkE6KwxSt6CQw==

-----END RSA PRIVATE KEY-----

 

  1. To import the key from offline to the box, use the below command,

 

C2911-2(config)#crypto key import rsa test1 terminal cisco123456

% Enter PEM-formatted public General Purpose key or certificate.

% End with a blank line or "quit" on a line by itself.

-----BEGIN PUBLIC KEY-----

MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQAvnyD4fBiBA2/1UoPzoJmQ

IWqVKgTvv9Uj4ITo5s9h6//L0Zv7n9sKaXduMKyjVT0ge/ZjInskqmuYTZT3V88S

xELlmF0Sq3+SvW1n9OV84vhh6FZXwKnAvIxuJdnjrhg9If9FPjcLScOyKUYsNn7d

7Aev2yv/GkAAN1hxqp515PawUvSyxktOROxjS0fU/bBOAmC33XwFZv54GczegkBn

T+BoQCJO+IqA4HHwNQRayiRGfX46jtnNlEvxKUkVbImDc0l6Tkh6aXoPQ2cAznbw

OQ+esj5bXsSI/tNVPZufNZtzpcCS3bUwRF747zOXSvh825KhrOQ0P+0nzw9fs4mp

AgMBAAE=

-----END PUBLIC KEY-----

quit

% Enter PEM-formatted encrypted private General Purpose key.

% End with "quit" on a line by itself.

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED

DEK-Info: DES-EDE3-CBC,47D4C87916A56404

 

% Enter PEM-formatted encrypted private General Purpose key.

% End with "quit" on a line by itself.

X6yL+4URupwu40Sy59MvU6i7KsiOLJzzwHx9r07gk+vxiuAoWgFIQSCw1ReogiCD

C6USbP/JhAMmFwBSQlrHH2OF50q3BpzjqXAT0Kd0zVuK7R9DunHSYYck6BNMsaIt

lVrZzYKQMOggCQ9mrfHTqGI6hB+vqCgxq8oBJVJE4qJ+4DV3lqKiQsEu8nR/4KCR

Jz/nXsMJHrEscJOy+SACJLXU7CzTI+RM4OyuP2UzhqSNfN0a2622FEJI2pGOqcuk

itHS6ayIFr9qnANti4SuGCc0d6ZVZPtbzTlBCmRz0TfqkeMkDg+X/2VvdizW0Z9e

drdEpPFDELhkmJe6aPK4Wx/CeAUIy1jhuReAovktQYxL7X9/a3+H1KArVM3ANzMi

JfJctj9cSQqnNbjiGCXykhdUmfnhig9F6dSEZhkMk8JiPM0bZwIsJeSCyDqliK5U

fO8xpvGKepy783E3kLtihJ+EKEkQN0YWFfp9jIUO7jZp3d0ooeS3qpH91420Tqub

hx8dAdZgxpAlHeKGDG5W1+JoMDsE/EiwqM62QM34jLO0sUGYBQm/P3PdCY9pTiSs

hrouY/ND+Krlp3q2j/XyINy10mIdOQqcSJMTbyjmaLgsOl3fIjsY1uDhqPGoUicF

RCeGUujFpnVMiHA2VqA9KGKVpLQVtaaAMgv3QBhtmM9ndgbw1JQDH7wPI/ZYfaB3

UehoA7fr3RakCFn6C9o3820UUYSmNtHAFT1U+Ro9ALMNtqXKkak+APdx+8Lh2KSD

2oVVX051/HXXGD+hp7E6l3RWWigZgWbrDQCiyqlYEsKzYf94Al1rY4Wi55SOmxh5

pWu7djps8GssjBKI8kGTOWlXEI47JcoM5wmU98yR0yPWwhe0NvBQKaM1JJMJNQcE

3Nu3L4XjbpygfGG2/LRvnF0eCHiCxPOHyrQDuw+WtrLQSgw032wdOgdsp2/G9UcO

FgsxSElaX7GIVrT+dZ8Cu6ik7mmPZfWq/Va6iYMGW/EsQMOMv0BHVa2KM0/zzADi

MLKRItUMtxBOFrhiKb9lXiVMsetVP3N5yT/5SuAfejb4BsYNKiERGcwuvhkSR/Ic

bgNr+E1TwtAFOdYRA7yXON/cbZPUgqsUPv62HmrCRxm5DkuQKWxr4vWRkgbkGeEK

wjcGBDWb1Jz+mck7x4bVSU57Gtek7w425cnoo6V08gg0h6yI3180kBMQLIzbGlwA

v9wzc5UNBA85zlPSy+V5iXXT5Vgdm1l9auOj3alZQgnwVgE4H6DqKBVVFO8nX+Ke

6EHuOiDZy0X1QAtIp4dP0Ne55ZhjHB51/Bh8LX4Y1ylwOXDAOvvwE5dN33BS1YOb

66Oujmp0SpNwHIoScHy7WUMcupYBFQ74y3wtrBzidxUG/h+r756Mcsl9FkWelkrI

B7ZV5D4yItB51/Oa+t5qCBt2YuBtbIYAp6XulaY7Ciep9bzGZmOYpKGVjQOZQhva

NIL86qByvNlzMNFREV71AycOL+hn41UQxPF71wikrOWoy1zFKOCUCuCYaTaNXp8q

XYNeYJ3ynMjaWik7pciA+9aQ8mpev5M1rEGHX5uHekkE6KwxSt6CQw==

-----END RSA PRIVATE KEY-----

quit

% Key pair import succeeded.

 

Regards,

Gowthamii Rao

 

Customers Also Viewed These Support Documents