Solved: IOS RSA Key

zheepern0826 · ‎12-05-2017

Hi All,

I just configured a switch and i notice when i run "show crypto key mypubkey all", there is 2 rsa key inside.

Key name: CISCO_IDEVID_SUDI_LEGACY
Key type: RSA KEYS

Key name: CISCO_IDEVID_SUDI
Key type: RSA KEYS

Any idea what the key is about ? i tried to search in google but no results found.

Thank you.

Georg Pauwen · ‎12-05-2017

Hello,

I am not sure how the key gets in there, if you enable 'ip http secure-server' that generates a key, that could be it.

Either way, to remove the key, use the command below:

crypto key zeroize

View solution in original post

Georg Pauwen · ‎12-05-2017

Hello,

which device is this on, and which IOS version are you running ?

The CISCO_IDEVID_SUDI_LEGACY is for a legacy RSA server that newer IOS versions cannot use.

zheepern0826 · ‎12-05-2017

hi Georg,

My switch is ws-c3850-24T. and the firmware is IOS-XE Version 03.06.06E .
when i check the crypto key, it is already inside.

I am not sure what this key is about. Mind to brief me what this is about and can i remove it as i will generate my own key with "crypto key generate rsa modulus 2048".

please advise. thank you

Georg Pauwen · ‎12-05-2017

Hello,

I am not sure how the key gets in there, if you enable 'ip http secure-server' that generates a key, that could be it.

Either way, to remove the key, use the command below:

crypto key zeroize

packetlove · ‎04-12-2022

Hi,

I ran into the same issue with my Cisco 3650 running on 3.7.4E.

I generated new crypto key rsa with 2048 bits and i see new generated rsa keys when i do show crypto key mypubkey rsa.

But ssh is still not working. I am thinking that ssh is still probably using legacy keys. Let me know if you found a solution to this

Thanks in advance.