Change SSH Key on 2960 Switches

CartoGraph (Level 1)

Hello,

I am trying to change the key for SSH from 1024 to 2048 but I have (so far) no solution for that.

Unfortunately, ip ssh rsa keypair-name SSH and crypto key generate rsa general-keys modulus 2048 label SSH don't work.

I am also trying other combinations...

- crypto key generate rsa
- crypto key generate rsa general-keys modulus 2048
- crypto key generate rsa general-keys label SSH modulus 2048

None of the above worked... and the SSH key remains 1024.

Does anyone know how to change the SSH Key for this switch from 1024 to 2048?

Version is 12.2(50)SE4.

Thank You!

Accepted Solution

Hello,

have you zeroized the existing key first?

crypto key zeroize rsa

?


7 Replies


Hello and thanks for your reply.

I didn't try yet.

Is there any risk to lose the connection with the switch?

If you give a label to the key-pair, you have to assign it to your ssh-config:

https://supportforums.cisco.com/t5/security-documents/guide-to-better-ssh-security/ta-p/3133344

Edit: Just saw that you did ... Have you first generated the key and then assigned it to the ssh-config?

Hello and thanks for your reply.

Yes, I generated the key first.

There is no possibility to assign the key (labeled) to the SSH.

PTNS03(config)#ip ssh ?
  authentication-retries  Specify number of authentication retries
  dscp                    IP DSCP value for SSH traffic
  logging                 Configure logging for SSH
  precedence              IP Precedence value for SSH traffic
  source-interface        Specify interface for source address in SSH connections
  time-out                Specify SSH time-out interval
  version                 Specify protocol version supported

Hello,

do you need more than 1 key? Unless you do, zeroize everything and create a new key without the label.

Is there any risk to lose the connection with the switch?
What are the risks if I lose the connection between the zeroize and key generation?

Hello,

if this is a remote site, use the 'reload in' command before making any changes. If you lose connectivity, the switch will reload by itself with the working configuration (obviously make sure you save the working config to the startup config first).
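After zeroizing and regenerating as the accepted answer suggests, the remaining question from the original post is how to confirm the key really is 2048 bits. The hex "Key Data" that `show crypto key mypubkey rsa` prints is a DER-encoded SubjectPublicKeyInfo, so the modulus size can be read straight out of it. The script below is an added example, not code from the thread or from Cisco; the key blobs it parses are constructed in-code (a bit pattern with the structure of an RSA public key, not a real key), and the hex grouping mimics the IOS display.

```python
def _der_len(buf, pos):
    """Decode a DER length at buf[pos]; return (length, position after it)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F                       # long form: next n bytes hold the length
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def _der_tlv(buf, pos, expected_tag):
    """Read one TLV at pos, check its tag, return (value_start, value_end)."""
    if buf[pos] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x} at {pos}, got 0x{buf[pos]:02x}")
    length, start = _der_len(buf, pos + 1)
    return start, start + length

def rsa_modulus_bits(key_data_hex: str) -> int:
    """Bit length of the RSA modulus in a SubjectPublicKeyInfo given as IOS-style hex."""
    der = bytes.fromhex("".join(key_data_hex.split()))
    spki_start, _ = _der_tlv(der, 0, 0x30)            # SubjectPublicKeyInfo SEQUENCE
    _, alg_end = _der_tlv(der, spki_start, 0x30)      # AlgorithmIdentifier (skipped)
    bits_start, _ = _der_tlv(der, alg_end, 0x03)      # BIT STRING subjectPublicKey
    pk_start, _ = _der_tlv(der, bits_start + 1, 0x30) # +1 skips the unused-bits octet
    n_start, n_end = _der_tlv(der, pk_start, 0x02)    # modulus INTEGER
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def _der(tag, payload):
    """Encode one DER TLV (used only to build the constructed sample)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload

def sample_key_data(bits: int) -> str:
    """Constructed sample: SubjectPublicKeyInfo hex for an RSA-shaped modulus of `bits` bits.
    Only the structure matters here; the value is not a usable key."""
    modulus = (1 << (bits - 1)) | 1                    # top bit set, odd
    n_bytes = b"\x00" + modulus.to_bytes(bits // 8, "big")  # leading 0 keeps INTEGER positive
    rsa_pub = _der(0x30, _der(0x02, n_bytes) + _der(0x02, b"\x01\x00\x01"))  # e = 65537
    alg = _der(0x30, _der(0x06, bytes.fromhex("2A864886F70D010101")) + _der(0x05, b""))
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa_pub))
    hexstr = spki.hex().upper()
    return " ".join(hexstr[i:i + 8] for i in range(0, len(hexstr), 8))  # IOS prints 8-char groups

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, "->", rsa_modulus_bits(sample_key_data(bits)))
```

Paste the Key Data lines from the switch into rsa_modulus_bits() to check the live key; a result of 1024 after regeneration means the old key pair was never replaced.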
