Size SSH key

Hi, 

What command checks the current size of the SSH key?

Thank you 


Philip D'Ath
VIP Alumni

It would help if you could give us a hint as to what kind of Cisco device you are wanting to know this for.

If this is an IOS router, do the command:

show crypto key mypubkey rsa

You could have multiple keys.  If you do, find the key of type "General Purpose Key"; the key-name should be the router name.

Now look at the "Key Data".  Count how many lines long it is.

In config mode, execute:

crypto key generate rsa general-keys modulus 4096 label test 

Now examine the key with (not in config mode):

show crypto key mypubkey rsa test

Count how many lines long the key data is.  Delete the temporary key we created (in config mode):

crypto key zeroize rsa test

Was the temporary key we created the same size as your key?  Yes, then it is 4096 bits.  Was it bigger - if so repeat the above using a smaller key size until you get a matching size.  Was it smaller - if so repeat the above using a bigger key size until you get a matching size.

I'm also not aware of an easy way to show the keysize, but there is a different way to get that info.

1) I have the following key:

voice881#sh crypto key mypubkey rsa
Key name: TEST
Key type: RSA KEYS
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable.
Key Data:
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00BB099F 04FE66E2 B6FFB6C3 016EF2A3 041A2ADC 89D20422 EE277DD4 BD35A809
BF27B42B 1BE52D52 98306C9A 046F66F5 6D74BBAD EF2D1B9C EF4770D6 659947DF
0691E3AA CDB64148 0ADBD4FF 4417D053 11B5DD11 74AD1B9A 0F13D4A1 8DE1A816
6307C067 C2F3EF86 C18CEA9C 6FAF1915 4FD32426 E2322F92 96521F5C 447E07CE
E5A83139 5F1F788E CC258DEB EEA629A7 8F686A69 6269E154 63E6A547 98D46C34
7A0191FA 36885BE0 75FC7AB8 A3FAACD9 A0AC87E3 D59B2D8B 87204BCF 74D8B0A0
810E7778 C31D68E5 A93A7A38 A9A7E14A 6250AEC8 0BB07142 5C2052E1 7ECC389A
1C570E5F B3942255 CA8400B2 B8273BDF 99624FA1 185E660D A7AFDA50 AEDB075D
F3020301 0001

2) Configure a trustpoint for a self-signed certificate and configure it to use the key for which you want to know the keysize:

voice881(config)#crypto pki trustpoint TEST
voice881(ca-trustpoint)#rsakeypair TEST
voice881(ca-trustpoint)#enrollment selfsigned

3) Enroll the trustpoint:

voice881(ca-trustpoint)#crypto pki enroll TEST
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]:
Generate Self Signed Router Certificate? [yes/no]: yes

Router Self Signed Certificate successfully created

4) The output of the certificate will include the keysize:

voice881(config)#do show crypto pki certificates verbose TEST | i bit
RSA Public Key: (2048 bit)
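
A third option, given here as an added example that is not part of either reply: the Key Data shown above begins with the DER header of an RSA SubjectPublicKeyInfo, so the modulus length can be decoded offline from pasted `show crypto key mypubkey rsa` output without creating a temporary key or certificate on the device. The function names and the sample output below are constructed for illustration.

```python
import re

# Constructed sample in the layout of `show crypto key mypubkey rsa`.
# The modulus is a made-up 64-bit number, not a real RSA key.
SAMPLE = """\
router#show crypto key mypubkey rsa
Key name: DEMO
Usage: General Purpose Key
Key Data:
  3024300D 06092A86 4886F70D 01010105 00031300 30100209 00C12345 6789ABCD
  EF020301 0001
"""

def read_tlv(buf, pos, want_tag):
    """Read one DER tag-length-value at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected DER tag 0x{want_tag:02X} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated key data (was the whole block pasted?)")
    return buf[pos:pos + length], pos + length

def rsa_modulus_bits(show_output):
    """Modulus size in bits of the first key under a 'Key Data:' line."""
    lines = show_output.splitlines()
    start = next((i for i, l in enumerate(lines) if l.strip() == "Key Data:"), None)
    if start is None:
        raise ValueError("no 'Key Data:' line found")
    hex_text = ""
    for line in lines[start + 1:]:  # hex rows end at the first non-hex line
        if not line.strip() or not re.fullmatch(r"[0-9A-Fa-f\s]+", line):
            break
        hex_text += "".join(line.split())
    der = bytes.fromhex(hex_text)
    spki, _ = read_tlv(der, 0, 0x30)            # SubjectPublicKeyInfo SEQUENCE
    _, pos = read_tlv(spki, 0, 0x30)            # AlgorithmIdentifier, skipped
    bit_string, _ = read_tlv(spki, pos, 0x03)   # BIT STRING wrapping the key
    rsa_key, _ = read_tlv(bit_string, 1, 0x30)  # byte 0 = unused-bits count
    modulus, _ = read_tlv(rsa_key, 0, 0x02)     # first INTEGER is the modulus
    return int.from_bytes(modulus, "big").bit_length()

if __name__ == "__main__":
    print(rsa_modulus_bits(SAMPLE), "bit")
```

When several keys are listed, pass only the text of the key you care about, since the function reads the first Key Data block it finds.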