05-10-2018 01:23 AM - edited 03-08-2019 02:58 PM
Hello,
I am trying to change the key for SSH from 1024 to 2048 but I have (so far) no solution for that.
Unfortunately, ip ssh rsa keypair-name SSH and crypto key generate rsa general-keys modulus 2048 label SSH don't work.
I also tried other combinations...
- crypto key generate rsa
- crypto key generate rsa general-keys modulus 2048
- crypto key generate rsa general-keys label SSH modulus 2048
None of the above worked...and the SSH key remains 1024.
Does anyone know how to change the SSH Key for this switch from 1024 to 2048?
Version is Version 12.2(50)SE4.
Thank You!
05-10-2018 01:29 AM
Hello,
have you zeroized the existing key first?
crypto key zeroize rsa
05-10-2018 01:39 AM
Hello and thanks for your reply.
I haven't tried yet.
Is there any risk of losing the connection with the switch?
05-10-2018 02:48 AM - edited 05-10-2018 02:49 AM
If you give a label to the key-pair, you have to assign it to your ssh-config:
https://supportforums.cisco.com/t5/security-documents/guide-to-better-ssh-security/ta-p/3133344
Edit: Just saw that you did ... Have you first generated the key and then assigned it to the ssh-config?
05-10-2018 03:09 AM
Hello and thanks for your reply.
Yes, I generated the key first.
There is no possibility to assign the key (labeled) to the SSH.
PTNS03(config)#ip ssh ?
  authentication-retries  Specify number of authentication retries
  dscp                    IP DSCP value for SSH traffic
  logging                 Configure logging for SSH
  precedence              IP Precedence value for SSH traffic
  source-interface        Specify interface for source address in SSH connections
  time-out                Specify SSH time-out interval
  version                 Specify protocol version supported
05-10-2018 04:00 AM
Hello,
do you need more than 1 key? Unless you do, zeroize everything and create a new key without the label.
05-10-2018 04:39 AM
05-10-2018 04:59 AM
Hello,
if this is a remote site, use the 'reload in' command before making any changes. If you lose connectivity, the switch will reload by itself with the working configuration (obviously make sure you save the working config to the startup config first).
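Added example, not part of the original thread: after zeroizing and regenerating the key, the size of the host key the switch actually presents can be checked from a management host by decoding its ssh-rsa public key line (the layout used by known_hosts and ssh-keyscan output). The function names and the sample address 192.0.2.10 are assumptions, and the sample lines are constructed around a dummy modulus rather than taken from a real device.

```python
import base64
import struct


def _read_string(blob, offset):
    """Read one RFC 4251 string: uint32 length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def rsa_host_key_bits(line):
    """Modulus size in bits of the ssh-rsa key on a known_hosts style line."""
    fields = line.split()
    if "ssh-rsa" not in fields[:-1]:
        raise ValueError("no ssh-rsa key on this line")
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1], validate=True)
    key_type, off = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("blob is not an ssh-rsa key")
    _exponent, off = _read_string(blob, off)  # public exponent e
    modulus, _ = _read_string(blob, off)      # modulus n
    return int.from_bytes(modulus, "big").bit_length()


def meets_minimum(line, minimum=2048):
    """True when the RSA host key on the line is at least `minimum` bits."""
    return rsa_host_key_bits(line) >= minimum


def constructed_line(bits, host="192.0.2.10"):
    """Constructed sample: valid encoding around a dummy modulus, not a real key."""
    def mpint(v):  # big-endian, leading zero byte keeps the value positive
        return v.to_bytes(v.bit_length() // 8 + 1, "big")

    def string(b):
        return struct.pack(">I", len(b)) + b

    n = (1 << (bits - 1)) | 1
    blob = string(b"ssh-rsa") + string(mpint(65537)) + string(mpint(n))
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    for bits in (1024, 2048):
        line = constructed_line(bits)
        print(bits, "ok" if meets_minimum(line) else "too short")
```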